ID
VAR-201911-0486
CVE
CVE-2019-15417
TITLE
Tecno Spark Pro Android Vulnerability with improper permission assignment to critical resources on devices
Trust: 0.8
DESCRIPTION
The Tecno Spark Pro Android device with a build fingerprint of TECNO/H3722/TECNO-K8:7.0/NRD90M/K8-H3722ABCDE-N-171229V96:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app (versionCode=7, versionName=7.0.5) that allows unauthorized dynamic code loading via a confused deputy attack. This capability can be accessed by any app co-located on the device. Tecno Spark Pro Android Devices are vulnerable to improper assignment of permissions to critical resources.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Tecno Spark Pro is a smartphone. Tecno Spark Pro has an unknown vulnerability. An attacker could use this vulnerability to unauthorizedly load dynamic code
Trust: 2.16
IOT TAXONOMY
| category: | ['IoT'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | tecno | model: | spark pro | scope: | - | version: | - | Trust: 1.4 |
| vendor: | tecno | model: | spark pro | scope: | eq | version: | - | Trust: 1.0 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-noinfo | Trust: 1.0 |
| problemtype: | CWE-732 | Trust: 0.8 |
THREAT TYPE
local
Trust: 0.6
TYPE
other
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | SPARK Pro | url: | https://www.tecno-mobile.com/phones/product-detail/product/spark-pro/#/ | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2019-15417 | Trust: 3.0 |
| db: | JVNDB | id: | JVNDB-2019-012408 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2020-16028 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-201911-920 | Trust: 0.6 |
REFERENCES
| url: | https://www.kryptowire.com/android-firmware-2019/ | Trust: 2.4 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2019-15417 | Trust: 2.0 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15417 | Trust: 0.8 |
SOURCES
| db: | CNVD | id: | CNVD-2020-16028 |
| db: | JVNDB | id: | JVNDB-2019-012408 |
| db: | CNNVD | id: | CNNVD-201911-920 |
| db: | NVD | id: | CVE-2019-15417 |
LAST UPDATE DATE
2024-11-23T22:44:47.960000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2020-16028 | date: | 2020-03-08T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-012408 | date: | 2019-12-02T00:00:00 |
| db: | CNNVD | id: | CNNVD-201911-920 | date: | 2020-08-25T00:00:00 |
| db: | NVD | id: | CVE-2019-15417 | date: | 2024-11-21T04:28:40.907 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2020-16028 | date: | 2020-03-08T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-012408 | date: | 2019-12-02T00:00:00 |
| db: | CNNVD | id: | CNNVD-201911-920 | date: | 2019-11-14T00:00:00 |
| db: | NVD | id: | CVE-2019-15417 | date: | 2019-11-14T17:15:20.960 |