Vulnerability Details CVE-2019-16241
On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, PIN authentication can be bypassed by creating a special file within the /data/local/tmp/ directory. The System application that implements the lock screen checks for the existence of a specific file and disables PIN authentication if it exists. This file would typically be created via Android Debug Bridge (adb) over USB.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 18.7%
CVSS Severity
CVSS v3 Score 6.8
CVSS v2 Score 4.6
References
- https://www.nccgroup.trust/uk/our-research/?research=Technical+advisories
- https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-alcatel-flip-2/#C
- https://www.nccgroup.trust/uk/our-research/?research=Technical+advisories
- https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-alcatel-flip-2/#C
Products affected by CVE-2019-16241
-
cpe:2.3:h:alcatelmobile:cingularl_flip_2:-
-
cpe:2.3:o:alcatelmobile:cingular_flip_2_firmware:b9huah1