Lucene search

PRIOn knowledge basePRION:CVE-2020-28055

HistoryNov 10, 2020 - 6:15 p.m.

Design/Logic Flaw

2020-11-1018:15:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.5%

JSON

A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below by TCL Technology Group Corporation allows a local unprivileged attacker, such as a malicious App, to read & write to the /data/vendor/tcl, /data/vendor/upgrade, and /var/TerminalManager directories within the TV file system. An attacker, such as a malicious APK or local unprivileged user could perform fake system upgrades by writing to the /data/vendor/upgrage folder.

CPENameOperatorVersion
32s330_firmwareeq< v8r851t10lf1v91
40s330_firmwareeq< v8r851t10lf1v91
43s434_firmwareeq< v8r851t2lf1v440
50s434_firmwareeq< v8r851t2lf1v440
55s434_firmwareeq< v8r851t2lf1v440
65s434_firmwareeq< v8r851t2lf1v440
75s434_firmwareeq< v8r851t2lf1v440

Name	Operator	Version
32s330_firmware	eq	< v8r851t10lf1v91
40s330_firmware	eq	< v8r851t10lf1v91
43s434_firmware	eq	< v8r851t2lf1v440
50s434_firmware	eq	< v8r851t2lf1v440
55s434_firmware	eq	< v8r851t2lf1v440
65s434_firmware	eq	< v8r851t2lf1v440
75s434_firmware	eq	< v8r851t2lf1v440

References

github.com/sickcodes/security/blob/master/advisories/SICK-2020-012.md

github.com/sickcodes/security/blob/master/etc/CVE-2020-27403_CVE-2020-28055_GlobalFAQ.pdf

github.com/sickcodes/security/blob/master/etc/CVE-2020-27403_CVE-2020-28055_Press-Statement-and-Questions_11162020.pdf

securityledger.com/2020/11/security-holes-opened-back-door-to-tcl-android-smart-tvs/

securityledger.com/2020/11/tv-maker-tcl-denies-back-door-promises-better-process/

sick.codes/extraordinary-vulnerabilities-discovered-in-tcl-android-tvs-now-worlds-3rd-largest-tv-manufacturer/

sick.codes/sick-2020-012

support.tcl.com/vulnerabilities-found-in-tcl-android-tvs

twitter.com/johnjhacking/

twitter.com/sickcodes/