CVE-2019-16242

On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an engineering application named omamock that is vulnerable to OS command injection. An attacker with physical access to the device can abuse this vulnerability to execute arbitrary OS commands as the root user via the application's UI.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:alcatelmobile:cingular_flip_2_firmware:b9huah1:*:*:*:*:*:*:*
cpe:2.3:h:alcatelmobile:cingular_flip_2:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:30

Type Values Removed Values Added
References () https://www.nccgroup.trust/uk/our-research/?research=Technical+advisories - Third Party Advisory () https://www.nccgroup.trust/uk/our-research/?research=Technical+advisories - Third Party Advisory
References () https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-alcatel-flip-2/ - Exploit, Third Party Advisory () https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-alcatel-flip-2/ - Exploit, Third Party Advisory

Information

Published : 2019-11-26 16:15

Updated : 2024-11-21 04:30


NVD link : CVE-2019-16242

Mitre link : CVE-2019-16242

CVE.ORG link : CVE-2019-16242


JSON object : View

Products Affected

alcatelmobile

  • cingular_flip_2_firmware
  • cingular_flip_2
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')