Design/Logic Flaw

An issue was discovered in KaiOS 1.0, 2.5, and 2.5.1. The pre-installed Radio application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Radio application. At a bare minimum, this allows an attacker to take control over the Radio...

CVE-2019-14759

The CVE-2019-14759 entry applies to KaiOS 1.0, 2.5, and 2.5.1, affecting the pre-installed Radio app. A local attacker can perform HTML/JavaScript injection to inject arbitrary HTML into the Radio UI, potentially prompting credential re-entry and enabling abuse of the app’s privileges. This descr...

Radio - Exported components, Native code usage, SD-card access vulnerabilities

HackApp vulnerability scanner discovered that application Radio published at the 'play' market has multiple vulnerabilities...

MDR SPUTNIK – Die Radio-App - Customized SSL, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application MDR SPUTNIK – Die Radio-App published at the 'play' market has multiple vulnerabilities...