CVE-2024-5163

Published: Jun 17, 2024Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Improper permission settings for mobile applications (com.transsion.carlcare) may lead to user password and account security risks.

Related CWEs

Improper Handling of Insufficient Permissions or Privileges

The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state.

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (4)

https://security.tecno.com/SRC/blogdetail/267?lang=en_US

Source: 907edf6c-bf03-423e-ab1a-8da27e1aa1ea

https://security.tecno.com/SRC/securityUpdates?type=SA

Source: 907edf6c-bf03-423e-ab1a-8da27e1aa1ea

https://security.tecno.com/SRC/blogdetail/267?lang=en_US

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.tecno.com/SRC/securityUpdates

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.