Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for hios by tecno

    CVE-2024-3701 (GCVE-0-2024-3701)

    Vulnerability from nvd – Published: 2024-04-15 07:56 – Updated: 2024-08-21 03:07
    VLAI
    Title
    Improper Authentication in com.transsion.kolun.aiservice
    Summary
    The system application (com.transsion.kolun.aiservice) component does not perform an authentication check, which allows attackers to perform malicious exploitations and affect system services.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    • CWE-287 - Improper Authentication
    Assigner
    Impacted products
    Vendor Product Version
    TECNO com.transsion.kolun.aiservice Affected: 13.0.0
    Create a notification for this product.
    tecno-mobile hios Affected: 13.0.0
        cpe:2.3:o:tecno-mobile:hios:13.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:tecno-mobile:hios:13.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "hios",
                "vendor": "tecno-mobile",
                "versions": [
                  {
                    "status": "affected",
                    "version": "13.0.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3701",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-31T15:10:10.634794Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-287",
                    "description": "CWE-287 Improper Authentication",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-31T15:16:51.326Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:20:01.065Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.tecno.com/SRC/blogdetail/236?lang=en_US"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.tecno.com/SRC/securityUpdates?type=SA"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "HiOS"
              ],
              "product": "com.transsion.kolun.aiservice",
              "vendor": "TECNO",
              "versions": [
                {
                  "status": "affected",
                  "version": "13.0.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The system application (com.transsion.kolun.aiservice) component \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003edoes not perform an authentication check\u003c/span\u003e, which allows attackers to perform malicious exploitations and affect system services."
                }
              ],
              "value": "The system application (com.transsion.kolun.aiservice) component does not perform an authentication check, which allows attackers to perform malicious exploitations and affect system services."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-21T03:07:48.011Z",
            "orgId": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea",
            "shortName": "TECNOMobile"
          },
          "references": [
            {
              "url": "https://security.tecno.com/SRC/blogdetail/236?lang=en_US"
            },
            {
              "url": "https://security.tecno.com/SRC/securityUpdates?type=SA"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper Authentication in com.transsion.kolun.aiservice",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea",
        "assignerShortName": "TECNOMobile",
        "cveId": "CVE-2024-3701",
        "datePublished": "2024-04-15T07:56:07.521Z",
        "dateReserved": "2024-04-12T08:54:13.659Z",
        "dateUpdated": "2024-08-21T03:07:48.011Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-3701 (GCVE-0-2024-3701)

    Vulnerability from cvelistv5 – Published: 2024-04-15 07:56 – Updated: 2024-08-21 03:07
    VLAI
    Title
    Improper Authentication in com.transsion.kolun.aiservice
    Summary
    The system application (com.transsion.kolun.aiservice) component does not perform an authentication check, which allows attackers to perform malicious exploitations and affect system services.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    • CWE-287 - Improper Authentication
    Assigner
    Impacted products
    Vendor Product Version
    TECNO com.transsion.kolun.aiservice Affected: 13.0.0
    Create a notification for this product.
    tecno-mobile hios Affected: 13.0.0
        cpe:2.3:o:tecno-mobile:hios:13.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:tecno-mobile:hios:13.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "hios",
                "vendor": "tecno-mobile",
                "versions": [
                  {
                    "status": "affected",
                    "version": "13.0.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3701",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-31T15:10:10.634794Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-287",
                    "description": "CWE-287 Improper Authentication",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-31T15:16:51.326Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:20:01.065Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.tecno.com/SRC/blogdetail/236?lang=en_US"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.tecno.com/SRC/securityUpdates?type=SA"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "HiOS"
              ],
              "product": "com.transsion.kolun.aiservice",
              "vendor": "TECNO",
              "versions": [
                {
                  "status": "affected",
                  "version": "13.0.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The system application (com.transsion.kolun.aiservice) component \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003edoes not perform an authentication check\u003c/span\u003e, which allows attackers to perform malicious exploitations and affect system services."
                }
              ],
              "value": "The system application (com.transsion.kolun.aiservice) component does not perform an authentication check, which allows attackers to perform malicious exploitations and affect system services."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-21T03:07:48.011Z",
            "orgId": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea",
            "shortName": "TECNOMobile"
          },
          "references": [
            {
              "url": "https://security.tecno.com/SRC/blogdetail/236?lang=en_US"
            },
            {
              "url": "https://security.tecno.com/SRC/securityUpdates?type=SA"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper Authentication in com.transsion.kolun.aiservice",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea",
        "assignerShortName": "TECNOMobile",
        "cveId": "CVE-2024-3701",
        "datePublished": "2024-04-15T07:56:07.521Z",
        "dateReserved": "2024-04-12T08:54:13.659Z",
        "dateUpdated": "2024-08-21T03:07:48.011Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }