CVE-2024-12993
CVE-2024-12993
Título es
CVE-2024-12993
Lun, 30/12/2024 – 11:15
Tipo
CWE-497
Gravedad 2.0 Txt
Pendiente de análisis
Título en
CVE-2024-12993
Descripción en
Infinix devices contain a pre-loaded "com.rlk.weathers" application, that exposes an unsecured content provider. An attacker can communicate with the provider and reveal the user’s location without any privileges.
After multiple attempts to contact the vendor we did not receive any answer. We suppose this issue affects all Infinix Mobile devices.
After multiple attempts to contact the vendor we did not receive any answer. We suppose this issue affects all Infinix Mobile devices.
30/12/2024
30/12/2024
Vector CVSS:4.0
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Gravedad 4.0
4.80
Gravedad 4.0 txt
MEDIUM
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis
Referencias
Enviar en el boletín
Off
