Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for TECNO Pova7 Pro 5G by TECNO Mobile

    CVE-2026-0634 (GCVE-0-2026-0634)

    Vulnerability from nvd – Published: 2026-04-02 08:48 – Updated: 2026-04-02 13:35
    VLAI
    Title
    Code Execution in AssistFeedbackService on TECNO Pova7 Pro 5G
    Summary
    Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows local apps to execute arbitrary code as system via command injection.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-88 - Improper neutralization of argument delimiters in a command ('argument injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    TECNO Mobile TECNO Pova7 Pro 5G Affected: HiOS V15.1.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0634",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-02T13:35:14.321967Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-02T13:35:18.680Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Android"
              ],
              "product": "TECNO Pova7 Pro 5G",
              "vendor": "TECNO Mobile",
              "versions": [
                {
                  "status": "affected",
                  "version": "HiOS V15.1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows local apps to execute arbitrary code as system via command injection.\u0026nbsp;\u0026nbsp;"
                }
              ],
              "value": "Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows local apps to execute arbitrary code as system via command injection."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-88",
                  "description": "CWE-88 Improper neutralization of argument delimiters in a command (\u0027argument injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T08:48:45.687Z",
            "orgId": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea",
            "shortName": "TECNOMobile"
          },
          "references": [
            {
              "url": "https://security.tecno.com/SRC/securityUpdates"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Code Execution in AssistFeedbackService on TECNO Pova7 Pro 5G",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea",
        "assignerShortName": "TECNOMobile",
        "cveId": "CVE-2026-0634",
        "datePublished": "2026-04-02T08:48:45.687Z",
        "dateReserved": "2026-01-06T01:33:04.882Z",
        "dateUpdated": "2026-04-02T13:35:18.680Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0634 (GCVE-0-2026-0634)

    Vulnerability from cvelistv5 – Published: 2026-04-02 08:48 – Updated: 2026-04-02 13:35
    VLAI
    Title
    Code Execution in AssistFeedbackService on TECNO Pova7 Pro 5G
    Summary
    Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows local apps to execute arbitrary code as system via command injection.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-88 - Improper neutralization of argument delimiters in a command ('argument injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    TECNO Mobile TECNO Pova7 Pro 5G Affected: HiOS V15.1.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0634",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-02T13:35:14.321967Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-02T13:35:18.680Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Android"
              ],
              "product": "TECNO Pova7 Pro 5G",
              "vendor": "TECNO Mobile",
              "versions": [
                {
                  "status": "affected",
                  "version": "HiOS V15.1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows local apps to execute arbitrary code as system via command injection.\u0026nbsp;\u0026nbsp;"
                }
              ],
              "value": "Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows local apps to execute arbitrary code as system via command injection."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-88",
                  "description": "CWE-88 Improper neutralization of argument delimiters in a command (\u0027argument injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T08:48:45.687Z",
            "orgId": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea",
            "shortName": "TECNOMobile"
          },
          "references": [
            {
              "url": "https://security.tecno.com/SRC/securityUpdates"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Code Execution in AssistFeedbackService on TECNO Pova7 Pro 5G",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea",
        "assignerShortName": "TECNOMobile",
        "cveId": "CVE-2026-0634",
        "datePublished": "2026-04-02T08:48:45.687Z",
        "dateReserved": "2026-01-06T01:33:04.882Z",
        "dateUpdated": "2026-04-02T13:35:18.680Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }