CVE-2024-10195 MEDIUM

CVE-2024-10195: Tecno 4G Portable WiFi TR118 SMS Check goform_get_cmd_process sql injection

Vendor Tecno
Product 4G Portable WiFi TR118
Weakness CWE-89 · SQLi
Published October 20, 2024
Last update October 21, 2024

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability was found in Tecno 4G Portable WiFi TR118 V008-20220830. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /goform/goform_get_cmd_process of the component SMS Check. The manipulation of the argument order_by leads to sql injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

October 20, 2024 CVE published
October 21, 2024 Record updated