Exported Service Flaw in Tecno Camon iClick 2 Android Device
CVE-2019-15347

7.8HIGH

Key Information:

Vendor

Tecno-mobile

Status
Camon Iclick 2 Firmware
Vendor
CVE Published:
14 November 2019

What is CVE-2019-15347?

A pre-installed platform application on the Tecno Camon iClick 2 Android device is vulnerable due to an exported service that allows local applications to execute arbitrary commands with system user privileges. This flaw can be exploited without requiring any special permissions from the user, enabling malicious apps to perform a range of unauthorized actions. These include screen recording, accessing notifications, altering system settings, and potentially stealing sensitive user data such as text messages. This critical security oversight poses significant risks to user privacy and device integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.kryptowire.com/android-firmware-2019/
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.