CVE-2023-38293

Certain software builds for the Nokia C200 and Nokia C100 Android devices contain a vulnerable, pre-installed app with a package name of com.tracfone.tfstatus versionCode='31', versionName='12' that allows local third-party apps to execute arbitrary AT commands in its context radio user via AT...

PT-2024-12704 · Nokia +2 · Nokia C200 +3

Name of the Vulnerable Software and Affected Versions: AT&T Calypso version ATT/U318AA/U318AA:10/QP1A.190711.020/1632369780:user/release-keys Nokia C100 versions Nokia/DrakeLite 02US/DKT:12/SP1A.210812.016/02US 1 190:user/release-keys through Nokia/DrakeLite 02US/DKT:12/SP1A.210812.016/02US 1...

CVE-2023-38293

CVE-2023-38293 concerns Nokia C200/C100 devices with a pre-installed com.tracfone.tfstatus app. It allows local third-party apps to inject and execute arbitrary AT commands in the radio context by exploiting two input/injection techniques via a broadcast to com.tracfone.tfstatus/.TFStatus, with n...

CVE-2023-38299

CVE-2023-38299 affects AT&T Calypso, Nokia C100, Nokia C200 and BLU View 3 devices. The issue is that certain software builds leak the device IMEI to a system property (persist.sys.imei1) accessible by any local app without permissions. A high-privilege process exposes the value, allowing indirec...

CVE-2023-38299

Various software builds for the AT&T Calypso, Nokia C100, Nokia C200, and BLU View 3 devices leak the device IMEI to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining...

CVE-2023-38293

Certain software builds for the Nokia C200 and Nokia C100 Android devices contain a vulnerable, pre-installed app with a package name of com.tracfone.tfstatus versionCode='31', versionName='12' that allows local third-party apps to execute arbitrary AT commands in its context radio user via AT...