3 matches found
CVE-2019-16242
CVE-2019-16242 affects the OC engineering app omamock on TCL Alcatel Cingular Flip 2 B9HUAH1. The vulnerability is OS command injection arising from inadequate input handling when constructing OS commands, enabling an attacker with physical access to execute arbitrary commands as root via the app...
CVE-2019-16241
CVE-2019-16241 affects TCL Alcatel Cingular Flip 2 B9HUAH1: PIN authentication can be bypassed by placing a specially crafted file in /data/local/tmp/. The System lock-screen app checks for this file’s existence and disables PIN if found, typically via ADB over USB. This is the explicit, device-s...
CVE-2019-16243
CVE-2019-16243 affects TCL Alcatel Cingular Flip 2 B9HUAH1. An undocumented web API accessible from unprivileged JavaScript (including KaiOS browser) lets an attacker view and edit the device’s firmware OTA update settings; this API is normally used by OmaService.js by the system app. The root ca...