
CVE-2024-4988 – Improper permission control in com.transsion.videocallenhancer
https://notcve.org/view.php?id=CVE-2024-4988
21 May 2024 — The mobile application (com.transsion.videocallenhancer) interface has improper permission control, which can lead to the risk of private file leakage. • https://security.tecno.com/SRC/blogdetail/250?lang=en_US • CWE-269: Improper Privilege Management • CWE-284: Improper Access Control

CVE-2024-3701 – Improper Authentication in com.transsion.kolun.aiservice
https://notcve.org/view.php?id=CVE-2024-3701
15 Apr 2024 — The system application (com.transsion.kolun.aiservice) component does not perform an authentication check, which allows attackers to perform malicious exploitations and affect system services. • https://security.tecno.com/SRC/blogdetail/236?lang=en_US • CWE-287: Improper Authentication • CWE-306: Missing Authentication for Critical Function

CVE-2023-52275
https://notcve.org/view.php?id=CVE-2023-52275
31 Dec 2023 — Gallery3d on Tecno Camon X CA7 devices allows attackers to view hidden images by navigating to data/com.android.gallery3d/.privatealbum/.encryptfiles and guessing the correct image file extension. • https://github.com/tahaafarooq/gallery3d-tecno-exploit • CWE-862: Missing Authorization

CVE-2023-6304 – Tecno 4G Portable WiFi TR118 Ping Tool goform_get_cmd_process os command injection
https://notcve.org/view.php?id=CVE-2023-6304
27 Nov 2023 — A vulnerability was found in Tecno 4G Portable WiFi TR118 TR118-M30E-RR-D-EnFrArSwHaPo-OP-V008-20220830. It has been declared as critical. This vulnerability affects unknown code of the file /goform/goform_get_cmd_process of the component Ping Tool. The manipulation of the argument url leads to os command injection. The attack can be initiated remotely. • https://drive.google.com/file/d/1DUSlAxTbNLBdv1aLUAn-tDMu6Z1rHYH8/view • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2019-15417
https://notcve.org/view.php?id=CVE-2019-15417
14 Nov 2019 — The Tecno Spark Pro Android device with a build fingerprint of TECNO/H3722/TECNO-K8:7.0/NRD90M/K8-H3722ABCDE-N-171229V96:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app (versionCode=7, versionName=7.0.5) that allows unauthorized dynamic code loading via a confused deputy attack. This capability can be accessed by any app co-located on the device. • https://www.kryptowire.com/android-firmware-2019

CVE-2019-15355
https://notcve.org/view.php?id=CVE-2019-15355
14 Nov 2019 — The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. • https://www.kryptowire.com/android-firmware-2019

CVE-2019-15351
https://notcve.org/view.php?id=CVE-2019-15351
14 Nov 2019 — The Tecno Camon Android device with a build fingerprint of TECNO/H622/TECNO-ID5b:8.1.0/O11019/G-180829V31:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands via shell script to be executed as the system user that are triggered by writing an attacker-selected me... • https://www.kryptowire.com/android-firmware-2019 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2019-15350
https://notcve.org/view.php?id=CVE-2019-15350
14 Nov 2019 — The Tecno Camon Android device with a build fingerprint of TECNO/H622/TECNO-ID5b:8.1.0/O11019/G-180829V31:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.service.FunctionService that allows any app co-located on the device to supply the file path to a Dalvik Executable (DEX) file which it will dynamically load within its own process and execute in... • https://www.kryptowire.com/android-firmware-2019 • CWE-668: Exposure of Resource to Wrong Sphere

CVE-2019-15349
https://notcve.org/view.php?id=CVE-2019-15349
14 Nov 2019 — The Tecno Camon Android device with a build fingerprint of TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-180828V106:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.service.FunctionService that allows any app co-located on the device to supply the file path to a Dalvik Executable (DEX) file which it will dynamically load within its own process and execute i... • https://www.kryptowire.com/android-firmware-2019 • CWE-668: Exposure of Resource to Wrong Sphere

CVE-2019-15348
https://notcve.org/view.php?id=CVE-2019-15348
14 Nov 2019 — The Tecno Camon Android device with a build fingerprint of TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-180828V106:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands via shell script to be executed as the system user that are triggered by writing an attacker-selected m... • https://www.kryptowire.com/android-firmware-2019 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')