Android Device Vulnerability in Tecno Camon iClick by Tecno
CVE-2019-15345

7.8HIGH

Key Information:

Vendor: Tecno-mobile
Status: Camon Iclick Firmware
Vendor: CVE Published:; 14 November 2019

🔔 Create Tecno-mobile Vulnerability Alert

What is CVE-2019-15345?

The Tecno Camon iClick features a critical vulnerability due to an exported service within a pre-installed app that allows any co-located application to dynamically load and execute a Dalvik Executable (DEX) file with system-level permissions. This weakness can be exploited by unprivileged applications, enabling them to perform a wide array of malicious activities such as video recording the screen, factory resetting the device, accessing sensitive notifications, reading log files, and intercepting personal messages. The downside of this vulnerability is that the pre-installed app cannot be disabled by users, significantly increasing the risk of unauthorized monitoring and control over the device.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.kryptowire.com/android-firmware-2019/

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 14, 2019
Vulnerability Reserved
Aug 22, 2019

JSON

Tecno-mobile

What is CVE-2019-15345?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.