Search
Find a vulnerability
Search criteria
2 vulnerabilities found for TECNO Pova7 Pro 5G by TECNO Mobile
CVE-2026-0634 (GCVE-0-2026-0634)
Vulnerability from nvd – Published: 2026-04-02 08:48 – Updated: 2026-04-02 13:35
VLAI
Title
Code Execution in AssistFeedbackService on TECNO Pova7 Pro 5G
Summary
Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows local apps to execute arbitrary code as system via command injection.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-88 - Improper neutralization of argument delimiters in a command ('argument injection')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TECNO Mobile | TECNO Pova7 Pro 5G |
Affected:
HiOS V15.1.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-0634",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-02T13:35:14.321967Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T13:35:18.680Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Android"
],
"product": "TECNO Pova7 Pro 5G",
"vendor": "TECNO Mobile",
"versions": [
{
"status": "affected",
"version": "HiOS V15.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows local apps to execute arbitrary code as system via command injection.\u0026nbsp;\u0026nbsp;"
}
],
"value": "Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows local apps to execute arbitrary code as system via command injection."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88 Improper neutralization of argument delimiters in a command (\u0027argument injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T08:48:45.687Z",
"orgId": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea",
"shortName": "TECNOMobile"
},
"references": [
{
"url": "https://security.tecno.com/SRC/securityUpdates"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Code Execution in AssistFeedbackService on TECNO Pova7 Pro 5G",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea",
"assignerShortName": "TECNOMobile",
"cveId": "CVE-2026-0634",
"datePublished": "2026-04-02T08:48:45.687Z",
"dateReserved": "2026-01-06T01:33:04.882Z",
"dateUpdated": "2026-04-02T13:35:18.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0634 (GCVE-0-2026-0634)
Vulnerability from cvelistv5 – Published: 2026-04-02 08:48 – Updated: 2026-04-02 13:35
VLAI
Title
Code Execution in AssistFeedbackService on TECNO Pova7 Pro 5G
Summary
Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows local apps to execute arbitrary code as system via command injection.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-88 - Improper neutralization of argument delimiters in a command ('argument injection')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TECNO Mobile | TECNO Pova7 Pro 5G |
Affected:
HiOS V15.1.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-0634",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-02T13:35:14.321967Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T13:35:18.680Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Android"
],
"product": "TECNO Pova7 Pro 5G",
"vendor": "TECNO Mobile",
"versions": [
{
"status": "affected",
"version": "HiOS V15.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows local apps to execute arbitrary code as system via command injection.\u0026nbsp;\u0026nbsp;"
}
],
"value": "Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows local apps to execute arbitrary code as system via command injection."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88 Improper neutralization of argument delimiters in a command (\u0027argument injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T08:48:45.687Z",
"orgId": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea",
"shortName": "TECNOMobile"
},
"references": [
{
"url": "https://security.tecno.com/SRC/securityUpdates"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Code Execution in AssistFeedbackService on TECNO Pova7 Pro 5G",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea",
"assignerShortName": "TECNOMobile",
"cveId": "CVE-2026-0634",
"datePublished": "2026-04-02T08:48:45.687Z",
"dateReserved": "2026-01-06T01:33:04.882Z",
"dateUpdated": "2026-04-02T13:35:18.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}