Today > | 2 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-11136

Nov. 15, 2024, 1:58 p.m.

Product(s) Impacted

TCL Camera application

Description

The default TCL Camera application exposes a provider vulnerable to path traversal vulnerability. Malicious application can supply malicious URI path and delete arbitrary files from user’s external storage.

Weaknesses

CWE-35
Path Traversal: '.../...//'

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.

CWE ID: 35

Date

Published: Nov. 14, 2024, 4:15 p.m.

Last Modified: Nov. 15, 2024, 1:58 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cvd@cert.pl

References