A vulnerability was found in Tecno 4G Portable WiFi TR118 V008-20220830. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /goform/goform_get_cmd_process of the component SMS Check. The manipulation of the argument order_by leads to sql injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.
References
Link | Resource |
---|---|
https://asciinema.org/a/2mwkmDqRZfeAYTu5hHre1r4QB | Broken Link |
https://vuldb.com/?ctiid.280969 | Permissions Required |
https://vuldb.com/?id.280969 | Permissions Required |
https://vuldb.com/?submit.422994 | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
24 Oct 2024, 14:28
Type | Values Removed | Values Added |
---|---|---|
First Time |
Tecno-mobile
Tecno-mobile 4g Portable Wifi Tr118 Firmware Tecno-mobile 4g Portable Wifi Tr118 |
|
CPE | cpe:2.3:o:tecno-mobile:4g_portable_wifi_tr118_firmware:v008-20220830:*:*:*:*:*:*:* cpe:2.3:h:tecno-mobile:4g_portable_wifi_tr118:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 5.8
v3 : 9.8 |
References | () https://asciinema.org/a/2mwkmDqRZfeAYTu5hHre1r4QB - Broken Link | |
References | () https://vuldb.com/?ctiid.280969 - Permissions Required | |
References | () https://vuldb.com/?id.280969 - Permissions Required | |
References | () https://vuldb.com/?submit.422994 - Third Party Advisory |
21 Oct 2024, 17:09
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
20 Oct 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-20 09:15
Updated : 2024-10-24 14:28
NVD link : CVE-2024-10195
Mitre link : CVE-2024-10195
CVE.ORG link : CVE-2024-10195
JSON object : View
Products Affected
tecno-mobile
- 4g_portable_wifi_tr118_firmware
- 4g_portable_wifi_tr118
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')