Unexported Component Launch Vulnerability
CVE-2024-10018

Currently unrated

Key Information:

Vendor: Tecno
Status: Com.transsion.aivoiceassistant
Vendor: CVE Published:; 16 October 2024

What is CVE-2024-10018?

A vulnerability exists within Tecno's mobile application that stems from improper permission controls. This flaw allows potential attackers to launch any unexported component of the application, which could lead to unauthorized functions being executed without proper restriction. Such vulnerabilities can expose sensitive user data or allow malicious actions that should not be possible under normal application operations.

Affected Version(s)

com.transsion.aivoiceassistant 3.3 < 3.6

References

https://security.tecno.com/SRC/blogdetail/323?lang=en_US

https://security.tecno.com/SRC/securityUpdates?type=SA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 16, 2024
Vulnerability Reserved
Oct 16, 2024