Local File Access Vulnerability in TCL Android Smart TVs
CVE-2020-28055

7.8HIGH

Key Information:

Vendor

Tcl

Status
32s330 Firmware
Vendor
CVE Published:
10 November 2020

What is CVE-2020-28055?

A vulnerability in certain TCL Android Smart TV models allows local unprivileged attackers to gain unauthorized access to sensitive directories like /data/vendor/tcl, /data/vendor/upgrade, and /var/TerminalManager. This vulnerability can be exploited by malicious apps or users to perform unauthorized actions, such as executing fake system upgrades by manipulating files within the TV's file system.

References

https://twitter.com/sickcodes/
x_refsource_MISC
https://twitter.com/johnjhacking/
x_refsource_MISC
https://sick.codes/extraordinary-vulnerabilities-discover...
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.