CVE-2024-39436

In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
OR cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*

History

17 Oct 2024, 17:16

Type Values Removed Values Added
CPE cpe:2.3:o:unisoc:t610_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:sc9832e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:t606_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:t770_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:sc7731e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:sc9863a_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:t618_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:t820_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:t616_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:t612_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:t310_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:s8000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:t760_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
First Time Google
Google android

17 Oct 2024, 16:51

Type Values Removed Values Added
References () https://www.unisoc.com/en_us/secy/announcementDetail/1843898270204624897 - () https://www.unisoc.com/en_us/secy/announcementDetail/1843898270204624897 - Vendor Advisory
CVSS v2 : unknown
v3 : 6.5
v2 : unknown
v3 : 6.7
CPE cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:t610_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:sc9863a_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:t612_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:t760_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:sc9832e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:t606_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:t770_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:t618_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:t820_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:sc7731e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:t616_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:t310_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:s8000_firmware:-:*:*:*:*:*:*:*
First Time Unisoc t612 Firmware
Unisoc t610 Firmware
Unisoc t606
Unisoc t616
Unisoc s8000
Unisoc t606 Firmware
Unisoc sc9832e
Unisoc t760
Unisoc t612
Unisoc t616 Firmware
Unisoc sc7731e
Unisoc t310 Firmware
Unisoc t610
Unisoc sc9863a
Unisoc t820 Firmware
Unisoc t760 Firmware
Unisoc t618 Firmware
Unisoc t820
Unisoc sc9832e Firmware
Unisoc
Unisoc t770 Firmware
Unisoc sc9863a Firmware
Unisoc t310
Unisoc t770
Unisoc sc7731e Firmware
Unisoc s8000 Firmware
Unisoc t618
CWE CWE-77

10 Oct 2024, 12:51

Type Values Removed Values Added
Summary
  • (es) En el servicio linkturbonative, es posible que se produzca una inyección de comandos debido a una validación de entrada incorrecta. Esto podría provocar una escalada local de privilegios, con la necesidad de permisos de ejecución de System.

09 Oct 2024, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-09 07:15

Updated : 2024-10-17 17:16


NVD link : CVE-2024-39436

Mitre link : CVE-2024-39436

CVE.ORG link : CVE-2024-39436


JSON object : View

Products Affected

google

  • android

unisoc

  • sc9832e
  • sc9863a
  • t612
  • t616
  • s8000
  • t610
  • sc7731e
  • t310
  • t606
  • t760
  • t618
  • t770
  • t820
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')