On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an engineering application named omamock that is vulnerable to OS command injection. An attacker with physical access to the device can abuse this vulnerability to execute arbitrary OS commands as the root user via the application's UI.
References
| Link | Resource |
|---|---|
| https://www.nccgroup.trust/uk/our-research/?research=Technical+advisories | Third Party Advisory |
| https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-alcatel-flip-2/ | Exploit Third Party Advisory |
| https://www.nccgroup.trust/uk/our-research/?research=Technical+advisories | Third Party Advisory |
| https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-alcatel-flip-2/ | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
21 Nov 2024, 04:30
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.nccgroup.trust/uk/our-research/?research=Technical+advisories - Third Party Advisory | |
| References | () https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-alcatel-flip-2/ - Exploit, Third Party Advisory |
Information
Published : 2019-11-26 16:15
Updated : 2024-11-21 04:30
NVD link : CVE-2019-16242
Mitre link : CVE-2019-16242
CVE.ORG link : CVE-2019-16242
JSON object : View
Products Affected
alcatelmobile
- cingular_flip_2
- cingular_flip_2_firmware
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')