Android Device Vulnerability in Tecno Camon with Pre-installed App by Tecno
CVE-2019-15351

7.8HIGH

Key Information:

Vendor: Tecno-mobile
Status: Tecno\/h622\/tecno-id5b\
Vendor: CVE Published:; 14 November 2019

Summary

A vulnerability exists in Tecno's Android devices where a pre-installed app grants malicious applications the ability to execute arbitrary commands as the system user. This is achieved through an exported service that reacts to manipulated log messages. The implications of this flaw are severe, as it allows attackers to perform actions such as screen recording, factory resets, accessing notifications, altering the graphical user interface, and reading sensitive user messages. The compromised app cannot be disabled by users, and the exploit can be triggered by apps with no special permissions.

References

https://www.kryptowire.com/android-firmware-2019/

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 14, 2019
Vulnerability Reserved
Aug 22, 2019