
CVE-2024-10195 – Tecno 4G Portable WiFi TR118 SMS Check goform_get_cmd_process sql injection
https://notcve.org/view.php?id=CVE-2024-10195
20 Oct 2024 — A vulnerability was found in Tecno 4G Portable WiFi TR118 V008-20220830. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /goform/goform_get_cmd_process of the component SMS Check. The manipulation of the argument order_by leads to sql injection. The attack can be launched remotely. • https://asciinema.org/a/2mwkmDqRZfeAYTu5hHre1r4QB • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2023-52275
https://notcve.org/view.php?id=CVE-2023-52275
31 Dec 2023 — Gallery3d on Tecno Camon X CA7 devices allows attackers to view hidden images by navigating to data/com.android.gallery3d/.privatealbum/.encryptfiles and guessing the correct image file extension. • https://github.com/tahaafarooq/gallery3d-tecno-exploit • CWE-862: Missing Authorization •

CVE-2023-6304 – Tecno 4G Portable WiFi TR118 Ping Tool goform_get_cmd_process os command injection
https://notcve.org/view.php?id=CVE-2023-6304
27 Nov 2023 — A vulnerability was found in Tecno 4G Portable WiFi TR118 TR118-M30E-RR-D-EnFrArSwHaPo-OP-V008-20220830. It has been declared as critical. This vulnerability affects unknown code of the file /goform/goform_get_cmd_process of the component Ping Tool. The manipulation of the argument url leads to os command injection. The attack can be initiated remotely. • https://drive.google.com/file/d/1DUSlAxTbNLBdv1aLUAn-tDMu6Z1rHYH8/view • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2019-15355
https://notcve.org/view.php?id=CVE-2019-15355
14 Nov 2019 — The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. • https://www.kryptowire.com/android-firmware-2019 •

CVE-2019-15351
https://notcve.org/view.php?id=CVE-2019-15351
14 Nov 2019 — The Tecno Camon Android device with a build fingerprint of TECNO/H622/TECNO-ID5b:8.1.0/O11019/G-180829V31:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands via shell script to be executed as the system user that are triggered by writing an attacker-selected me... • https://www.kryptowire.com/android-firmware-2019 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2019-15350
https://notcve.org/view.php?id=CVE-2019-15350
14 Nov 2019 — The Tecno Camon Android device with a build fingerprint of TECNO/H622/TECNO-ID5b:8.1.0/O11019/G-180829V31:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.service.FunctionService that allows any app co-located on the device to supply the file path to a Dalvik Executable (DEX) file which it will dynamically load within its own process and execute in... • https://www.kryptowire.com/android-firmware-2019 • CWE-668: Exposure of Resource to Wrong Sphere •

CVE-2019-15349
https://notcve.org/view.php?id=CVE-2019-15349
14 Nov 2019 — The Tecno Camon Android device with a build fingerprint of TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-180828V106:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.service.FunctionService that allows any app co-located on the device to supply the file path to a Dalvik Executable (DEX) file which it will dynamically load within its own process and execute i... • https://www.kryptowire.com/android-firmware-2019 • CWE-668: Exposure of Resource to Wrong Sphere •

CVE-2019-15348
https://notcve.org/view.php?id=CVE-2019-15348
14 Nov 2019 — The Tecno Camon Android device with a build fingerprint of TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-180828V106:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands via shell script to be executed as the system user that are triggered by writing an attacker-selected m... • https://www.kryptowire.com/android-firmware-2019 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2019-15347
https://notcve.org/view.php?id=CVE-2019-15347
14 Nov 2019 — The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands via shell script to be executed as the system user that are triggered by writing an attacker-se... • https://www.kryptowire.com/android-firmware-2019 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2019-15346
https://notcve.org/view.php?id=CVE-2019-15346
14 Nov 2019 — The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.service.FunctionService that allows any app co-located on the device to supply the file path to a Dalvik Executable (DEX) file which it will dynamically load within its own process and e... • https://www.kryptowire.com/android-firmware-2019 • CWE-668: Exposure of Resource to Wrong Sphere •