PT-2024-16782 · Tcl · Tcl Camera
Szymon Chadam · Published 2024-11-14 · Updated 2024-11-17 · CVE-2024-11136
CVSS v4.0: 8.2 (High)
Vector: AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
TCL products (affected versions not specified)
Description
The default TCL Camera application has a path traversal vulnerability in its provider. A malicious application can supply a crafted URI path to that provider, allowing it to delete arbitrary files from the user's external storage. There have been reports of this issue being exploited for remote code execution in specific TCL product models.
Recommendations
Update to the latest firmware as detailed in the advisory to resolve the issue.
As a temporary workaround, consider restricting access to the TCL Camera application's provider to minimize the risk of exploitation.
Ensure you follow the remediation guidelines provided to mitigate risks associated with this issue.
At the moment, there is no information about specific versions that contain a fix for this vulnerability, so updating to the latest firmware is the recommended course of action.
Affected Products
Tcl Camera