CVE-2024-11136 - OpenCVE

The default TCL Camera application exposes a provider vulnerable to path traversal vulnerability. Malicious application can supply malicious URI path and delete arbitrary files from user’s external storage.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact High

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://blog.oversecured.com/Content-Providers-and-the-potential-weak-spots-they-can-have/#path-traversal-when-using-data-from-uri
https://cert.pl/en/posts/2024/11/CVE-2024-11136/
https://cert.pl/posts/2024/11/CVE-2024-11136/

History

Thu, 14 Nov 2024 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 14 Nov 2024 15:30:00 +0000

Type	Values Removed	Values Added
Description		The default TCL Camera application exposes a provider vulnerable to path traversal vulnerability. Malicious application can supply malicious URI path and delete arbitrary files from user’s external storage.
Title		Arbitrary file removal via path traversal in TCL Camera
Weaknesses		CWE-35
References		https://blog.oversecured.com/Content-Providers-and-the-potential-weak-spots-they-can-have/#path-traversal-when-using-data-from-uri https://cert.pl/en/posts/2024/11/CVE-2024-11136/ https://cert.pl/posts/2024/11/CVE-2024-11136/
Metrics		cvssV4_0 `{'score': 8.2, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published: 2024-11-14T15:25:18.693Z

Updated: 2024-11-14T15:59:14.006Z

Reserved: 2024-11-12T12:11:03.801Z

Link: CVE-2024-11136

Vulnrichment

Updated: 2024-11-14T15:59:09.250Z

NVD

Status : Awaiting Analysis

Published: 2024-11-14T16:15:18.273

Modified: 2024-11-15T13:58:08.913

Link: CVE-2024-11136

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-11136", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "state": "PUBLISHED", "assignerShortName": "CERT-PL", "dateReserved": "2024-11-12T12:11:03.801Z", "datePublished": "2024-11-14T15:25:18.693Z", "dateUpdated": "2024-11-14T15:59:14.006Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "platforms": ["Android"], "product": "Camera", "vendor": "TCL", "versions": [{"status": "affected", "version": "v6.00.04.0067.3.0"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Szymon Chadam"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The default TCL Camera application exposes a provider vulnerable to path traversal vulnerability. Malicious application can supply malicious URI path and delete arbitrary files from user\u2019s external storage."}], "value": "The default TCL Camera application exposes a provider vulnerable to path traversal vulnerability. Malicious application can supply malicious URI path and delete arbitrary files from user\u2019s external storage."}], "impacts": [{"capecId": "CAPEC-165", "descriptions": [{"lang": "en", "value": "CAPEC-165 File Manipulation"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 8.2, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-35", "description": "CWE-35 Path Traversal", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2024-11-14T15:25:18.693Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://cert.pl/en/posts/2024/11/CVE-2024-11136/"}, {"tags": ["third-party-advisory"], "url": "https://cert.pl/posts/2024/11/CVE-2024-11136/"}, {"tags": ["related"], "url": "https://blog.oversecured.com/Content-Providers-and-the-potential-weak-spots-they-can-have/#path-traversal-when-using-data-from-uri"}], "source": {"discovery": "UNKNOWN"}, "title": "Arbitrary file removal via path traversal in TCL Camera", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-14T15:58:56.125287Z", "id": "CVE-2024-11136", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-14T15:59:14.006Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-11136", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-14T15:58:56.125287Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-14T15:59:09.250Z"}}], "cna": {"title": "Arbitrary file removal via path traversal in TCL Camera", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Szymon Chadam"}], "impacts": [{"capecId": "CAPEC-165", "descriptions": [{"lang": "en", "value": "CAPEC-165 File Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.2, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "TCL", "product": "Camera", "versions": [{"status": "affected", "version": "v6.00.04.0067.3.0"}], "platforms": ["Android"], "defaultStatus": "unknown"}], "references": [{"url": "https://cert.pl/en/posts/2024/11/CVE-2024-11136/", "tags": ["third-party-advisory"]}, {"url": "https://cert.pl/posts/2024/11/CVE-2024-11136/", "tags": ["third-party-advisory"]}, {"url": "https://blog.oversecured.com/Content-Providers-and-the-potential-weak-spots-they-can-have/#path-traversal-when-using-data-from-uri", "tags": ["related"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "The default TCL Camera application exposes a provider vulnerable to path traversal vulnerability. Malicious application can supply malicious URI path and delete arbitrary files from user\u2019s external storage.", "supportingMedia": [{"type": "text/html", "value": "The default TCL Camera application exposes a provider vulnerable to path traversal vulnerability. Malicious application can supply malicious URI path and delete arbitrary files from user\u2019s external storage.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-35", "description": "CWE-35 Path Traversal"}]}], "providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2024-11-14T15:25:18.693Z"}}}, "cveMetadata": {"cveId": "CVE-2024-11136", "state": "PUBLISHED", "dateUpdated": "2024-11-14T15:59:14.006Z", "dateReserved": "2024-11-12T12:11:03.801Z", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "datePublished": "2024-11-14T15:25:18.693Z", "assignerShortName": "CERT-PL"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The default TCL Camera application exposes a provider vulnerable to path traversal vulnerability. Malicious application can supply malicious URI path and delete arbitrary files from user\u2019s external storage."}, {"lang": "es", "value": "La aplicaci\u00f3n predeterminada de la c\u00e1mara TCL expone a un proveedor vulnerable a una vulnerabilidad de path traversal. La aplicaci\u00f3n maliciosa puede proporcionar una ruta URI maliciosa y eliminar archivos arbitrarios del almacenamiento externo del usuario."}], "id": "CVE-2024-11136", "lastModified": "2024-11-15T13:58:08.913", "metrics": {"cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "NONE", "vulnerableSystemConfidentiality": "NONE", "vulnerableSystemIntegrity": "HIGH"}, "source": "cvd@cert.pl", "type": "Secondary"}]}, "published": "2024-11-14T16:15:18.273", "references": [{"source": "cvd@cert.pl", "url": "https://blog.oversecured.com/Content-Providers-and-the-potential-weak-spots-they-can-have/#path-traversal-when-using-data-from-uri"}, {"source": "cvd@cert.pl", "url": "https://cert.pl/en/posts/2024/11/CVE-2024-11136/"}, {"source": "cvd@cert.pl", "url": "https://cert.pl/posts/2024/11/CVE-2024-11136/"}], "sourceIdentifier": "cvd@cert.pl", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-35"}], "source": "cvd@cert.pl", "type": "Secondary"}]}