In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed.
References
Link | Resource |
---|---|
https://www.unisoc.com/en_us/secy/announcementDetail/1843898270204624897 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
17 Oct 2024, 17:16
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:unisoc:sc9832e_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:t606_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:t770_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:sc7731e_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:sc9863a_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:t618_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:t820_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:t616_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:t612_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:t310_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:s8000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:t760_firmware:-:*:*:*:*:*:*:* |
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:* cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:* |
First Time |
Google
Google android |
17 Oct 2024, 16:51
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.unisoc.com/en_us/secy/announcementDetail/1843898270204624897 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.7 |
First Time |
Unisoc t612 Firmware
Unisoc t610 Firmware Unisoc t606 Unisoc t616 Unisoc s8000 Unisoc t606 Firmware Unisoc sc9832e Unisoc t760 Unisoc t612 Unisoc t616 Firmware Unisoc sc7731e Unisoc t310 Firmware Unisoc t610 Unisoc sc9863a Unisoc t820 Firmware Unisoc t760 Firmware Unisoc t618 Firmware Unisoc t820 Unisoc sc9832e Firmware Unisoc Unisoc t770 Firmware Unisoc sc9863a Firmware Unisoc t310 Unisoc t770 Unisoc sc7731e Firmware Unisoc s8000 Firmware Unisoc t618 |
|
CWE | CWE-77 | |
CPE | cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:t610_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:* cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:* cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:sc9863a_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:t612_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:* cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:* cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:* cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:t760_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:sc9832e_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:t606_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:t770_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:* cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:t618_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:t820_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:sc7731e_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:t616_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:t310_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:s8000_firmware:-:*:*:*:*:*:*:* |
10 Oct 2024, 12:51
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
09 Oct 2024, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-09 07:15
Updated : 2024-10-17 17:16
NVD link : CVE-2024-39436
Mitre link : CVE-2024-39436
CVE.ORG link : CVE-2024-39436
JSON object : View
Products Affected
unisoc
- t760
- t770
- t310
- sc9832e
- t606
- t616
- t610
- sc9863a
- t820
- t612
- s8000
- sc7731e
- t618
- android
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')