CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2190
https://notcve.org/view.php?id=CVE-2025-2190
11 Mar 2025 — The mobile application (com.transsnet.store) has a man-in-the-middle attack vulnerability, which may lead to code injection risks. • https://security.tecno.com/SRC/blogdetail/393?lang=en_US • CWE-300: Channel Accessible by Non-Endpoint •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1298
https://notcve.org/view.php?id=CVE-2025-1298
14 Feb 2025 — Logic vulnerability in the mobile application (com.transsion.carlcare) may lead to the risk of account takeover. • https://security.tecno.com/SRC/blogdetail/383?lang=en_US • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0590
https://notcve.org/view.php?id=CVE-2025-0590
20 Jan 2025 — Improper permission settings for mobile applications (com.transsion.carlcare) may lead to information leakage risk. • https://security.tecno.com/SRC/blogdetail/381?lang=en_US • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11206
https://notcve.org/view.php?id=CVE-2024-11206
14 Nov 2024 — Unauthorized access vulnerability in the mobile application (com.transsion.phoenix) can lead to the leakage of user information. • https://security.tecno.com/SRC/blogdetail/340?lang=en_US • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10195 – Tecno 4G Portable WiFi TR118 SMS Check goform_get_cmd_process sql injection
https://notcve.org/view.php?id=CVE-2024-10195
20 Oct 2024 — A vulnerability was found in Tecno 4G Portable WiFi TR118 V008-20220830. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /goform/goform_get_cmd_process of the component SMS Check. The manipulation of the argument order_by leads to sql injection. The attack can be launched remotely. • https://asciinema.org/a/2mwkmDqRZfeAYTu5hHre1r4QB • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10018
https://notcve.org/view.php?id=CVE-2024-10018
16 Oct 2024 — Improper permission control in the mobile application (com.transsion.aivoiceassistant) can lead to the launch of any unexported component. • https://security.tecno.com/SRC/blogdetail/323?lang=en_US • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8039
https://notcve.org/view.php?id=CVE-2024-8039
14 Sep 2024 — Improper permission configurationDomain configuration vulnerability of the mobile application (com.afmobi.boomplayer) can lead to account takeover risks. • https://security.tecno.com/SRC/blogdetail/307?lang=en_US • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7697 – Logical vulnerability in com.transsion.carlcare
https://notcve.org/view.php?id=CVE-2024-7697
12 Aug 2024 — Logical vulnerability in the mobile application (com.transsion.carlcare) may lead to user information leakage risks. • https://security.tecno.com/SRC/blogdetail/294?lang=en_US • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6780 – Improper permission control in com.android.server.telecom
https://notcve.org/view.php?id=CVE-2024-6780
16 Jul 2024 — Improper permission control in the mobile application (com.android.server.telecom) may lead to user information security risks. Un control de permisos inadecuado en la aplicación móvil (com.android.server.telecom) puede generar riesgos para la seguridad de la información del usuario. • https://security.tecno.com/SRC/blogdetail/276?lang=en_US • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5163 – Improper permission settings in com.transsion.carlcare
https://notcve.org/view.php?id=CVE-2024-5163
17 Jun 2024 — Improper permission settings for mobile applications (com.transsion.carlcare) may lead to user password and account security risks. La configuración incorrecta de permisos para aplicaciones móviles (com.transsion.carlcare) puede provocar riesgos de seguridad de la cuenta y la contraseña del usuario. • https://security.tecno.com/SRC/blogdetail/267?lang=en_US • CWE-280: Improper Handling of Insufficient Permissions or Privileges CWE-732: Incorrect Permission Assignment for Critical Resource •