Overview
- Description
- On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an engineering application named omamock that is vulnerable to OS command injection. An attacker with physical access to the device can abuse this vulnerability to execute arbitrary OS commands as the root user via the application's UI.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.8
- Impact score
- 5.9
- Exploitability score
- 0.9
- Vector string
- CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 7.2
- Impact score
- 10
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-78
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:alcatelmobile:cingular_flip_2_firmware:b9huah1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "59C5C60C-6507-4FDF-AE22-2CED02B75181"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:alcatelmobile:cingular_flip_2:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "5E9B27D7-19E6-4380-95EC-CE5303B608B9"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]