Vulnerabilities > CVE-2019-16241 - Exposure of Resource to Wrong Sphere vulnerability in Alcatelmobile Cingular Flip 2 Firmware B9Huah1

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

alcatelmobile

CWE-668

NVD

Published: 2019-11-26

Updated: 2020-08-24

Summary

On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, PIN authentication can be bypassed by creating a special file within the /data/local/tmp/ directory. The System application that implements the lock screen checks for the existence of a specific file and disables PIN authentication if it exists. This file would typically be created via Android Debug Bridge (adb) over USB.

Vulnerable Configurations

Part	Description	Count
OS	Alcatelmobile Alcatelmobile Cingular Flip 2 Firmware B9Huah1	1
Hardware	Alcatelmobile Alcatelmobile Cingularl Flip 2 -	1

Common Weakness Enumeration (CWE)

CWE-668 - Exposure of Resource to Wrong Sphere

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References