CVE-2024-39438

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-39438
In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed.

6.7 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.unisoc.com/en_us/secy/announcementDetail/1843898270204624897 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
OR cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*
History

17 Oct 2024, 17:19

Type Values Removed Values Added
First Time Unisoc sc9863a
Unisoc t820
Google
Unisoc t618
Unisoc sc7731e
Unisoc sc9832e
Unisoc s8000
Unisoc
Unisoc t606
Unisoc t612
Unisoc t310
Unisoc t610
Unisoc t770
Google android
Unisoc t760
Unisoc t616
CVSS v2 : unknown
v3 : 6.5 		v2 : unknown
v3 : 6.7
References () https://www.unisoc.com/en_us/secy/announcementDetail/1843898270204624897 - () https://www.unisoc.com/en_us/secy/announcementDetail/1843898270204624897 - Vendor Advisory
CWE CWE-77
CPE cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*

10 Oct 2024, 12:51

Type Values Removed Values Added
Summary
  • (es) En el servicio linkturbonative, es posible que se produzca una inyección de comandos debido a una validación de entrada incorrecta. Esto podría provocar una escalada local de privilegios, con la necesidad de permisos de ejecución de System.

09 Oct 2024, 07:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-10-09 07:15

Updated : 2024-10-17 17:19

NVD link : CVE-2024-39438

Mitre link : CVE-2024-39438

CVE.ORG link : CVE-2024-39438

JSON object : View

Products Affected

unisoc

  • sc9863a
  • t770
  • s8000
  • t610
  • t616
  • t760
  • t820
  • t606
  • sc9832e
  • t618
  • t612
  • t310
  • sc7731e

google

  • android
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')