CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-15347
https://notcve.org/view.php?id=CVE-2019-15347
14 Nov 2019 — The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands via shell script to be executed as the system user that are triggered by writing an attacker-se... • https://www.kryptowire.com/android-firmware-2019 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-15346
https://notcve.org/view.php?id=CVE-2019-15346
14 Nov 2019 — The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.service.FunctionService that allows any app co-located on the device to supply the file path to a Dalvik Executable (DEX) file which it will dynamically load within its own process and e... • https://www.kryptowire.com/android-firmware-2019 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-15345
https://notcve.org/view.php?id=CVE-2019-15345
14 Nov 2019 — The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). This app contains an exported service named com.lovelyfont.manager.service.FunctionService that allows any app co-located on the device to supply the file path to a Dalvik Executable (DEX) file which it will dynamically load within its own process and execu... • https://www.kryptowire.com/android-firmware-2019 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-15344
https://notcve.org/view.php?id=CVE-2019-15344
14 Nov 2019 — The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands to be executed as the system user. This app cannot be disabled by the user and the attack can be pe... • https://www.kryptowire.com/android-firmware-2019 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-15343
https://notcve.org/view.php?id=CVE-2019-15343
14 Nov 2019 — The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands via shell script to be executed as the system user that are triggered by writing an attacker-select... • https://www.kryptowire.com/android-firmware-2019 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-15342
https://notcve.org/view.php?id=CVE-2019-15342
14 Nov 2019 — The Tecno Camon iAir 2 Plus Android device with a build fingerprint of TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands via shell script to be executed as the system user that are triggered by writing an attacker... • https://www.kryptowire.com/android-firmware-2019 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-15341
https://notcve.org/view.php?id=CVE-2019-15341
14 Nov 2019 — The Tecno Camon iAir 2 Plus Android device with a build fingerprint of TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.service.FunctionService that allows any app co-located on the device to supply the file path to a Dalvik Executable (DEX) file which it will dynamically load within its own process an... • https://www.kryptowire.com/android-firmware-2019 • CWE-668: Exposure of Resource to Wrong Sphere •