Sign-up

ID

VAR-201911-0938


CVE

CVE-2019-16242


TITLE

TCL Communication Alcatel Cingular Flip 2 B9HUAH1 operating system command injection vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-20165 // CNNVD: CNNVD-201911-1404

DESCRIPTION

On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an engineering application named omamock that is vulnerable to OS command injection. An attacker with physical access to the device can abuse this vulnerability to execute arbitrary OS commands as the root user via the application's UI. TCL Communication Alcatel Cingular Flip 2 B9HUAH1 is a mobile phone of China TCL Communication (TCL Communication) company. omamock is one of the components. The vulnerability stems from the fact that external input data constructs executable commands for the operating system, and the network system or product does not properly filter special characters and commands. Attackers can use this vulnerability to execute illegal operating system commands

Trust: 2.16

sources: NVD: CVE-2019-16242 // JVNDB: JVNDB-2019-012731 // CNVD: CNVD-2020-20165

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-20165

AFFECTED PRODUCTS

vendor:alcatelmobilemodel:cingular flip 2scope:eqversion:b9huah1

Trust: 1.6

vendor:tcl communication holdings tcl communicationmodel:alcatel cingular flip 2scope:eqversion:b9huah1

Trust: 0.8

vendor:tclmodel:communication alcatel cingular flip b9huah1scope:eqversion:2

Trust: 0.6

vendor:alcatelmobilemodel:cingular flip 2scope:eqversion: -

Trust: 0.6

sources: CNVD: CNVD-2020-20165 // JVNDB: JVNDB-2019-012731 // CNNVD: CNNVD-201911-1404 // NVD: CVE-2019-16242

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-16242
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-16242
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-20165
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201911-1404
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-16242
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-20165
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-16242
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-16242
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-20165 // JVNDB: JVNDB-2019-012731 // CNNVD: CNNVD-201911-1404 // NVD: CVE-2019-16242

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.8

sources: JVNDB: JVNDB-2019-012731 // NVD: CVE-2019-16242

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201911-1404

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-012731

PATCH
title:Top Pageurl:https://us.alcatelmobile.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-012731

EXTERNAL IDS
db:NVDid:CVE-2019-16242
Trust: 3.0
db:JVNDBid:JVNDB-2019-012731
Trust: 0.8
db:CNVDid:CNVD-2020-20165
Trust: 0.6
db:CNNVDid:CNNVD-201911-1404
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-20165 // 
            
            
            
            JVNDB: JVNDB-2019-012731 // 
            
            
            
            CNNVD: CNNVD-201911-1404 // 
            
            
            
            NVD: CVE-2019-16242

REFERENCES
url:https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-alcatel-flip-2/
Trust: 2.4
url:https://www.nccgroup.trust/uk/our-research/?research=technical+advisories
Trust: 2.2
url:https://nvd.nist.gov/vuln/detail/cve-2019-16242
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-16242
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-20165 // 
            
            
            
            JVNDB: JVNDB-2019-012731 // 
            
            
            
            CNNVD: CNNVD-201911-1404 // 
            
            
            
            NVD: CVE-2019-16242

SOURCES
db:CNVDid:CNVD-2020-20165
db:JVNDBid:JVNDB-2019-012731
db:CNNVDid:CNNVD-201911-1404
db:NVDid:CVE-2019-16242

LAST UPDATE DATE
2024-11-23T23:04:35.707000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-20165date:2020-03-30T00:00:00
db:JVNDBid:JVNDB-2019-012731date:2019-12-11T00:00:00
db:CNNVDid:CNNVD-201911-1404date:2019-12-12T00:00:00
db:NVDid:CVE-2019-16242date:2024-11-21T04:30:21.640

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-20165date:2020-03-30T00:00:00
db:JVNDBid:JVNDB-2019-012731date:2019-12-11T00:00:00
db:CNNVDid:CNNVD-201911-1404date:2019-11-26T00:00:00
db:NVDid:CVE-2019-16242date:2019-11-26T16:15:12.370