In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed.
References
Link | Resource |
---|---|
https://www.unisoc.com/en_us/secy/announcementDetail/1843898270204624897 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
17 Oct 2024, 17:18
Type | Values Removed | Values Added |
---|---|---|
First Time |
Google android
|
|
CPE | cpe:2.3:o:unisoc:t610_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:t820_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:t770_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:t616_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:t618_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:s8000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:t760_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:t612_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:t606_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:sc9832e_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:sc9863a_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:sc7731e_firmware:-:*:*:*:*:*:*:* |
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:* cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:* |
17 Oct 2024, 16:48
Type | Values Removed | Values Added |
---|---|---|
First Time |
Unisoc t310 Firmware
Unisoc t612 Firmware Unisoc sc7731e Firmware Unisoc t310 Unisoc t612 Unisoc sc9832e Unisoc t606 Firmware Unisoc s8000 Unisoc s8000 Firmware Unisoc t820 Unisoc t610 Firmware Unisoc sc9863a Firmware Unisoc t770 Firmware Unisoc t820 Firmware Unisoc Unisoc t770 Unisoc t616 Unisoc sc7731e Unisoc t616 Firmware Unisoc t606 Unisoc sc9863a Unisoc t618 Unisoc t618 Firmware Unisoc sc9832e Firmware Unisoc t760 Firmware Unisoc t610 Unisoc t760 |
|
CPE | cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:* cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:t820_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:t770_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:* cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:t616_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:t612_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:t606_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:sc9832e_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:t310_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:t610_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:* cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:* cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:t618_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:s8000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:t760_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:* cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:sc9863a_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:unisoc:sc7731e_firmware:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.7 |
CWE | CWE-77 | |
References | () https://www.unisoc.com/en_us/secy/announcementDetail/1843898270204624897 - Vendor Advisory |
10 Oct 2024, 12:51
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
09 Oct 2024, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-09 07:15
Updated : 2024-10-17 17:18
NVD link : CVE-2024-39437
Mitre link : CVE-2024-39437
CVE.ORG link : CVE-2024-39437
JSON object : View
Products Affected
unisoc
- sc7731e
- s8000
- t820
- t310
- sc9832e
- t618
- t612
- t770
- t760
- t616
- sc9863a
- t606
- t610
- android
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')