15 matches found
CVE-2019-16241
On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, PIN authentication can be bypassed by creating a special file within the /data/local/tmp/ directory. The System application that implements the lock screen checks for the existence of a specific file and disables PIN authentication if it exists. Thi...
CVE-2019-16243
On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an undocumented web API that allows unprivileged JavaScript, including JavaScript running within the KaiOS browser, to view and edit the device's firmware over-the-air update settings. This web API is normally used by the system application...
EUVD-2019-7049
Malware in sbrugna...
EUVD-2019-7050
Malware in sbrugna...
CVE-2019-16242
On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an engineering application named omamock that is vulnerable to OS command injection. An attacker with physical access to the device can abuse this vulnerability to execute arbitrary OS commands as the root user via the application's UI...
CVE-2019-16243
On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an undocumented web API that allows unprivileged JavaScript, including JavaScript running within the KaiOS browser, to view and edit the device's firmware over-the-air update settings. This web API is normally used by the system application...
CVE-2019-16243
On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an undocumented web API that allows unprivileged JavaScript, including JavaScript running within the KaiOS browser, to view and edit the device's firmware over-the-air update settings. This web API is normally used by the system application...
Authentication flaw
On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, PIN authentication can be bypassed by creating a special file within the /data/local/tmp/ directory. The System application that implements the lock screen checks for the existence of a specific file and disables PIN authentication if it exists. Thi...
Command injection
On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an engineering application named omamock that is vulnerable to OS command injection. An attacker with physical access to the device can abuse this vulnerability to execute arbitrary OS commands as the root user via the application's UI...
CVE-2019-16241
CVE-2019-16241 affects TCL Alcatel Cingular Flip 2 B9HUAH1: PIN authentication can be bypassed by placing a specially crafted file in /data/local/tmp/. The System lock-screen app checks for this file’s existence and disables PIN if found, typically via ADB over USB. This is the explicit, device-s...
CVE-2019-16241
On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, PIN authentication can be bypassed by creating a special file within the /data/local/tmp/ directory. The System application that implements the lock screen checks for the existence of a specific file and disables PIN authentication if it exists. Thi...
CVE-2019-16243
On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an undocumented web API that allows unprivileged JavaScript, including JavaScript running within the KaiOS browser, to view and edit the device's firmware over-the-air update settings. This web API is normally used by the system application...
CVE-2019-16243
CVE-2019-16243 affects TCL Alcatel Cingular Flip 2 B9HUAH1. An undocumented web API accessible from unprivileged JavaScript (including KaiOS browser) lets an attacker view and edit the device’s firmware OTA update settings; this API is normally used by OmaService.js by the system app. The root ca...
CVE-2019-16242
On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an engineering application named omamock that is vulnerable to OS command injection. An attacker with physical access to the device can abuse this vulnerability to execute arbitrary OS commands as the root user via the application's UI...
CVE-2019-16242
CVE-2019-16242 affects the OC engineering app omamock on TCL Alcatel Cingular Flip 2 B9HUAH1. The vulnerability is OS command injection arising from inadequate input handling when constructing OS commands, enabling an attacker with physical access to execute arbitrary commands as root via the app...