Vulnerability in Tecno Camon Android Device with Pre-installed App
CVE-2019-15348

7.8 HIGH

Key Information:

Vendor
CVE Published: 14 November 2019

Summary

The Tecno Camon Android device ships with a pre-installed application that exposes a critical security vulnerability. The app includes an exported service that allows any other app on the device to execute arbitrary shell commands as the system user. These commands can be triggered simply by writing a designated message to the logcat log. The app cannot be disabled by users, and a malicious app can exploit the vulnerability without requiring any permissions. The consequences may include unauthorized access to sensitive user data, manipulation of device settings, and full control over the device's functions.

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
