CVE-2024-11206 - Vulnerability Details - OpenCVE

Unauthorized access vulnerability in the mobile application (com.transsion.phoenix) can lead to the leakage of user information.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00168.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Tecno	Com.transsion.phoenix

No data.

No data.

No data.

References

Link	Providers
https://security.tecno.com/SRC/blogdetail/340?lang=en_US
https://security.tecno.com/SRC/securityUpdates

History

Fri, 05 Sep 2025 07:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-269

Fri, 05 Sep 2025 06:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-359

Thu, 14 Nov 2024 22:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Tecno Tecno com.transsion.phoenix
CPEs		cpe:2.3:a:tecno:com.transsion.phoenix::::::::
Vendors & Products		Tecno Tecno com.transsion.phoenix
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 14 Nov 2024 06:45:00 +0000

Type	Values Removed	Values Added
Description		Unauthorized access vulnerability in the mobile application (com.transsion.phoenix) can lead to the leakage of user information.
Weaknesses		CWE-269
References		https://security.tecno.com/SRC/blogdetail/340?lang=en_US https://security.tecno.com/SRC/securityUpdates

MITRE

Status: PUBLISHED

Assigner: TECNOMobile

Published: 2024-11-14T06:27:42.932Z

Updated: 2025-09-05T06:30:24.484Z

Reserved: 2024-11-14T03:37:34.296Z

Link: CVE-2024-11206

Vulnrichment

Updated: 2024-11-14T21:30:38.611Z

NVD

Status : Awaiting Analysis

Published: 2024-11-14T07:15:17.203

Modified: 2025-09-05T07:15:32.807

Link: CVE-2024-11206

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-11206", "assignerOrgId": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea", "state": "PUBLISHED", "assignerShortName": "TECNOMobile", "dateReserved": "2024-11-14T03:37:34.296Z", "datePublished": "2024-11-14T06:27:42.932Z", "dateUpdated": "2025-09-05T06:30:24.484Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "com.transsion.phoenix", "vendor": "TECNO", "versions": [{"lessThan": "15.6.0.5020", "status": "affected", "version": "14.1.2.4700", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div><div>Unauthorized access vulnerability in the mobile application (com.transsion.phoenix) can lead to the leakage of user information.</div></div>"}], "value": "Unauthorized access vulnerability in the mobile application (com.transsion.phoenix) can lead to the leakage of user information."}], "impacts": [{"capecId": "CAPEC-410", "descriptions": [{"lang": "en", "value": "CAPEC-410 Information Elicitation"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-359", "description": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea", "shortName": "TECNOMobile", "dateUpdated": "2025-09-05T06:30:24.484Z"}, "references": [{"url": "https://security.tecno.com/SRC/blogdetail/340?lang=en_US"}, {"url": "https://security.tecno.com/SRC/securityUpdates"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "tecno", "product": "com.transsion.phoenix", "cpes": ["cpe:2.3:a:tecno:com.transsion.phoenix:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "14.1.2.4700", "status": "affected", "lessThan": "15.6.0.5020", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-11-14T21:27:10.312640Z", "id": "CVE-2024-11206", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-14T21:32:32.971Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-11206", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-14T21:27:10.312640Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:tecno:com.transsion.phoenix:*:*:*:*:*:*:*:*"], "vendor": "tecno", "product": "com.transsion.phoenix", "versions": [{"status": "affected", "version": "14.1.2.4700", "lessThan": "15.6.0.5020", "versionType": "custom"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-14T21:30:38.611Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-410", "descriptions": [{"lang": "en", "value": "CAPEC-410 Information Elicitation"}]}], "affected": [{"vendor": "TECNO", "product": "com.transsion.phoenix", "versions": [{"status": "affected", "version": "14.1.2.4700", "lessThan": "15.6.0.5020", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://security.tecno.com/SRC/blogdetail/340?lang=en_US"}, {"url": "https://security.tecno.com/SRC/securityUpdates"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Unauthorized access vulnerability in the mobile application (com.transsion.phoenix) can lead to the leakage of user information.", "supportingMedia": [{"type": "text/html", "value": "<div><div>Unauthorized access vulnerability in the mobile application (com.transsion.phoenix) can lead to the leakage of user information.</div></div>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-359", "description": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea", "shortName": "TECNOMobile", "dateUpdated": "2025-09-05T06:30:24.484Z"}}}, "cveMetadata": {"cveId": "CVE-2024-11206", "state": "PUBLISHED", "dateUpdated": "2025-09-05T06:30:24.484Z", "dateReserved": "2024-11-14T03:37:34.296Z", "assignerOrgId": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea", "datePublished": "2024-11-14T06:27:42.932Z", "assignerShortName": "TECNOMobile"}, "dataVersion": "5.1"}