Exported Service Flaw in Tecno Camon iClick 2 Android Device
CVE-2019-15347

7.8HIGH

Key Information:

Vendor: Tecno-mobile
Status: Camon Iclick 2 Firmware
Vendor: CVE Published:; 14 November 2019

Summary

A pre-installed platform application on the Tecno Camon iClick 2 Android device is vulnerable due to an exported service that allows local applications to execute arbitrary commands with system user privileges. This flaw can be exploited without requiring any special permissions from the user, enabling malicious apps to perform a range of unauthorized actions. These include screen recording, accessing notifications, altering system settings, and potentially stealing sensitive user data such as text messages. This critical security oversight poses significant risks to user privacy and device integrity.

References

https://www.kryptowire.com/android-firmware-2019/

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 14, 2019
Vulnerability Reserved
Aug 22, 2019