Filtered by vendor Alcatelmobile Subscriptions
Filtered by product Cingular Flip 2 Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-16243 1 Alcatelmobile 2 Cingular Flip 2, Cingular Flip 2 Firmware 2024-11-21 6.1 Medium
On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an undocumented web API that allows unprivileged JavaScript, including JavaScript running within the KaiOS browser, to view and edit the device's firmware over-the-air update settings. (This web API is normally used by the system application to trigger firmware updates via OmaService.js.)
CVE-2019-16242 1 Alcatelmobile 2 Cingular Flip 2, Cingular Flip 2 Firmware 2024-11-21 6.8 Medium
On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an engineering application named omamock that is vulnerable to OS command injection. An attacker with physical access to the device can abuse this vulnerability to execute arbitrary OS commands as the root user via the application's UI.