93 matches found
CVE-2019-14758
An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed File Manager application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a file via email to the victim that will inject HTML into the File Manager application assuming the victim chooses to download th...
CVE-2019-14758
CVE-2019-14758 affects KaiOS 2.5 and 2.5.1. The pre-installed File Manager is vulnerable to HTML/JavaScript injection when a victim opens a file received via email and downloaded. The issue can let an attacker take control of the File Manager UI (for example, showing a malicious prompt to harvest...
CVE-2019-14757
CVE-2019-14757 affects KaiOS 2.5 and 2.5.1. The pre-installed Contacts app is vulnerable to HTML and JavaScript injection when a victim imports a crafted vCard file. The issue enables an attacker to inject HTML into the Contacts UI, potentially displaying malicious prompts and prompting users to ...
CVE-2019-14757
An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed Contacts application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a vCard file to the victim that will inject HTML into the Contacts application assuming the victim chooses to import the file. At a...
CVE-2019-14756
KaiOS Email app (pre-installed) on KaiOS 1.0, 2.5 and 2.5.12.5 is vulnerable to HTML/JavaScript injection via specially crafted emails. When such an email is opened, HTML can be injected into the Email UI, potentially allowing UI control (e.g., prompting for credentials) and abuse of app privileg...
CVE-2019-14756
An issue was discovered in KaiOS 1.0, 2.5, and 2.5.12.5. The pre-installed Email application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a specially crafted email to the victim that will inject HTML into the email application's UI as soon as the email is opened. A...
CVE-2019-16243
On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an undocumented web API that allows unprivileged JavaScript, including JavaScript running within the KaiOS browser, to view and edit the device's firmware over-the-air update settings. This web API is normally used by the system application...
CVE-2019-7386
A Denial of Service issue has been discovered in the Gecko component of KaiOS 2.5 10.05 platform 48.0.a2 on Nokia 8810 4G devices. When a crafted web page is visited with the internal browser, the Gecko process crashes with a segfault. Successful exploitation could lead to the remote code executi...
Remote code execution
A Denial of Service issue has been discovered in the Gecko component of KaiOS 2.5 10.05 platform 48.0.a2 on Nokia 8810 4G devices. When a crafted web page is visited with the internal browser, the Gecko process crashes with a segfault. Successful exploitation could lead to the remote code executi...
CVE-2019-7386
A Denial of Service issue has been discovered in the Gecko component of KaiOS 2.5 10.05 platform 48.0.a2 on Nokia 8810 4G devices. When a crafted web page is visited with the internal browser, the Gecko process crashes with a segfault. Successful exploitation could lead to the remote code executi...
CVE-2019-7386
CVE-2019-7386 concerns KaiOS 2.5 / Nokia 8810 4G, where the Gecko component may crash (segfault) in the internal browser when loading a crafted page. This can lead to remote code execution on the device, as described in multiple sources referencing KaiOS 2.5 10.05 with platform 48.0.a2. Public de...
KaiOS Gecko Component Denial of Service Vulnerability in Nokia 8810 4G Devices
The Nokia 8810 4G is a generation of banana model phones. A security vulnerability exists in the Gecko component of KaiOS version 2.5 10.05 on Nokia 8810 4G devices. The vulnerability can be exploited by an attacker to execute code or cause a denial of service with the help of a specially crafted...
Nokia 8810 Denial Of Service Exploit
A denial of service issue has been discovered in the Gecko component of KaiOS 2.5 10.05 platform 48.0.a2 on Nokia 8810 4G devices. When a crafted web page is visited with the internal browser, the Gecko process crashes with a segfault. Successful exploitation could lead to the remote code executi...