CVE-2024-39437

In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
OR cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*

History

17 Oct 2024, 17:18

Type Values Removed Values Added
First Time Google android
Google
CPE cpe:2.3:o:unisoc:t310_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:t610_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:t820_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:t770_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:t616_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:t618_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:s8000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:t760_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:t612_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:t606_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:sc9832e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:sc9863a_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:sc7731e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*

17 Oct 2024, 16:48

Type Values Removed Values Added
First Time Unisoc t310 Firmware
Unisoc t612 Firmware
Unisoc sc7731e Firmware
Unisoc t310
Unisoc t612
Unisoc sc9832e
Unisoc t606 Firmware
Unisoc s8000
Unisoc s8000 Firmware
Unisoc t820
Unisoc t610 Firmware
Unisoc sc9863a Firmware
Unisoc t770 Firmware
Unisoc t820 Firmware
Unisoc
Unisoc t770
Unisoc t616
Unisoc sc7731e
Unisoc t616 Firmware
Unisoc t606
Unisoc sc9863a
Unisoc t618
Unisoc t618 Firmware
Unisoc sc9832e Firmware
Unisoc t760 Firmware
Unisoc t610
Unisoc t760
CPE cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:t820_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:t770_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:t616_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:t612_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:t606_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:sc9832e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:t310_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:t610_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:t618_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:s8000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:t760_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:sc9863a_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:unisoc:sc7731e_firmware:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : 6.5
v2 : unknown
v3 : 6.7
CWE CWE-77
References () https://www.unisoc.com/en_us/secy/announcementDetail/1843898270204624897 - () https://www.unisoc.com/en_us/secy/announcementDetail/1843898270204624897 - Vendor Advisory

10 Oct 2024, 12:51

Type Values Removed Values Added
Summary
  • (es) En el servicio linkturbonative, es posible que se produzca una inyección de comandos debido a una validación de entrada incorrecta. Esto podría provocar una escalada local de privilegios, con la necesidad de permisos de ejecución de System.

09 Oct 2024, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-09 07:15

Updated : 2024-10-17 17:18


NVD link : CVE-2024-39437

Mitre link : CVE-2024-39437

CVE.ORG link : CVE-2024-39437


JSON object : View

Products Affected

unisoc

  • sc7731e
  • s8000
  • t820
  • t310
  • sc9832e
  • t618
  • t612
  • t770
  • t760
  • t616
  • sc9863a
  • t606
  • t610

google

  • android
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')