Directory Listing Vulnerability in TCL Android Smart TVs by TCL Technology Group
CVE-2020-27403

6.5MEDIUM

Key Information:

Vendor

Tcl

Status
32s330 Firmware
Vendor
CVE Published:
10 November 2020

What is CVE-2020-27403?

A critical security flaw in TCL Android Smart TVs permits local network attackers to exploit an insecure web server running on port 7989. This vulnerability allows unauthorized browsing and downloading of sensitive system files. Notably, some models may expose the entire filesystem on alternative ports such as 7983. Any unprivileged app on the Android interface can access and read these files, including sensitive information like saved passwords and private keys. This creates significant risks for users, exposing personal data and system settings without proper authentication.

References

https://github.com/sickcodes
x_refsource_MISC
https://github.com/sickcodes/security/blob/master/advisor...
x_refsource_MISC
https://sick.codes/sick-2020-009
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.