In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed.
References
Link | Resource |
---|---|
https://www.unisoc.com/en_us/secy/announcementDetail/1843898270204624897 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
17 Oct 2024, 17:19
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.7 |
CPE | cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:* cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:* cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:* cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:* cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:* cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:* cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:* cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:* cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:* cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:* cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:* cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:* cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:* cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:* cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:* |
|
CWE | CWE-77 | |
First Time |
Unisoc t616
Unisoc s8000 Unisoc sc9832e Unisoc t760 Unisoc t612 Unisoc t610 Unisoc sc7731e Unisoc sc9863a Unisoc t820 Unisoc Unisoc t310 Google android Unisoc t606 Unisoc t770 Unisoc t618 |
|
References | () https://www.unisoc.com/en_us/secy/announcementDetail/1843898270204624897 - Vendor Advisory |
10 Oct 2024, 12:51
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
09 Oct 2024, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-09 07:15
Updated : 2024-10-17 17:19
NVD link : CVE-2024-39438
Mitre link : CVE-2024-39438
CVE.ORG link : CVE-2024-39438
JSON object : View
Products Affected
- android
unisoc
- sc9832e
- sc9863a
- t612
- t616
- s8000
- t610
- sc7731e
- t310
- t606
- t760
- t618
- t770
- t820
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')