Vendor CVEs
Tecno
All CVEs
36 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-6172 | Cri | 0.64 | 9.8 | 0.00 | Jun 16, 2025 | Permission vulnerability in the mobile application (com.afmobi.boomplayer) may lead to the risk of unauthorized operation. | ||
| CVE-2025-1298 | Cri | 0.64 | 9.8 | 0.00 | Feb 14, 2025 | Logic vulnerability in the mobile application (com.transsion.carlcare) may lead to the risk of account takeover. | ||
| CVE-2024-12603 | Cri | 0.64 | 9.8 | 0.01 | Dec 13, 2024 | A logic vulnerability in the the mobile application (com.transsion.applock) can lead to bypassing the application password. | ||
| CVE-2024-10018 | Cri | 0.64 | 9.8 | 0.00 | Oct 16, 2024 | Improper permission control in the mobile application (com.transsion.aivoiceassistant) can lead to the launch of any unexported component. | ||
| CVE-2024-8039 | Cri | 0.64 | 9.8 | 0.00 | Sep 14, 2024 | Improper permission configurationDomain configuration vulnerability of the mobile application (com.afmobi.boomplayer) can lead to account takeover risks. | ||
| CVE-2024-5163 | Cri | 0.64 | 9.8 | 0.01 | Jun 17, 2024 | Improper permission settings for mobile applications (com.transsion.carlcare) may lead to user password and account security risks. | ||
| CVE-2024-3701 | Cri | 0.64 | 9.8 | 0.01 | Apr 15, 2024 | The system application (com.transsion.kolun.aiservice) component does not perform an authentication check, which allows attackers to perform malicious exploitations and affect system services. | ||
| CVE-2025-2190 | Hig | 0.53 | 8.1 | 0.00 | Mar 11, 2025 | The mobile application (com.transsnet.store) has a man-in-the-middle attack vulnerability, which may lead to code injection risks. | ||
| CVE-2019-15344 | Hig | 0.53 | 8.1 | 0.01 | Nov 14, 2019 | The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). This app contains an… | ||
| CVE-2026-0634 | Hig | 0.51 | 7.8 | 0.01 | Apr 2, 2026 | Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows local apps to execute arbitrary code as system via command injection. | ||
| CVE-2019-15417 | Hig | 0.51 | 7.8 | 0.00 | Nov 14, 2019 | The Tecno Spark Pro Android device with a build fingerprint of TECNO/H3722/TECNO-K8:7.0/NRD90M/K8-H3722ABCDE-N-171229V96:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app (versionCode=7, versionName=7.0.5) that allows… | ||
| CVE-2019-15351 | Hig | 0.51 | 7.8 | 0.00 | Nov 14, 2019 | The Tecno Camon Android device with a build fingerprint of TECNO/H622/TECNO-ID5b:8.1.0/O11019/G-180829V31:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported… | ||
| CVE-2019-15350 | Hig | 0.51 | 7.8 | 0.00 | Nov 14, 2019 | The Tecno Camon Android device with a build fingerprint of TECNO/H622/TECNO-ID5b:8.1.0/O11019/G-180829V31:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported… | ||
| CVE-2019-15349 | Hig | 0.51 | 7.8 | 0.00 | Nov 14, 2019 | The Tecno Camon Android device with a build fingerprint of TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-180828V106:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an… | ||
| CVE-2019-15348 | Hig | 0.51 | 7.8 | 0.00 | Nov 14, 2019 | The Tecno Camon Android device with a build fingerprint of TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-180828V106:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an… | ||
| CVE-2019-15347 | Hig | 0.51 | 7.8 | 0.00 | Nov 14, 2019 | The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an… | ||
| CVE-2019-15346 | Hig | 0.51 | 7.8 | 0.00 | Nov 14, 2019 | The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an… | ||
| CVE-2019-15345 | Hig | 0.51 | 7.8 | 0.00 | Nov 14, 2019 | The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). This app contains an… | ||
| CVE-2019-15343 | Hig | 0.51 | 7.8 | 0.00 | Nov 14, 2019 | The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). This app contains an… | ||
| CVE-2019-15342 | Hig | 0.51 | 7.8 | 0.00 | Nov 14, 2019 | The Tecno Camon iAir 2 Plus Android device with a build fingerprint of TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains… | ||
| CVE-2019-15341 | Hig | 0.51 | 7.8 | 0.00 | Nov 14, 2019 | The Tecno Camon iAir 2 Plus Android device with a build fingerprint of TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains… | ||
| CVE-2025-3698 | Hig | 0.49 | 7.5 | 0.00 | Apr 16, 2025 | Interface exposure vulnerability in the mobile application (com.transsion.carlcare) may lead to information leakage risk. | ||
| CVE-2025-0590 | Hig | 0.49 | 7.5 | 0.00 | Jan 20, 2025 | Improper permission settings for mobile applications (com.transsion.carlcare) may lead to information leakage risk. | ||
| CVE-2024-11206 | Hig | 0.49 | 7.5 | 0.00 | Nov 14, 2024 | Unauthorized access vulnerability in the mobile application (com.transsion.phoenix) can lead to the leakage of user information. | ||
| CVE-2024-7697 | Hig | 0.49 | 7.5 | 0.01 | Aug 12, 2024 | Logical vulnerability in the mobile application (com.transsion.carlcare) may lead to user information leakage risks. | ||
| CVE-2024-4988 | Hig | 0.49 | 7.5 | 0.00 | May 21, 2024 | The mobile application (com.transsion.videocallenhancer) interface has improper permission control, which can lead to the risk of private file leakage. | ||
| CVE-2023-6304 | Hig | 0.48 | 7.2 | 0.10 | Nov 27, 2023 | A vulnerability was found in Tecno 4G Portable WiFi TR118 TR118-M30E-RR-D-EnFrArSwHaPo-OP-V008-20220830. It has been declared as critical. This vulnerability affects unknown code of the file /goform/goform_get_cmd_process of the component Ping Tool. The manipulation of the… | ||
| CVE-2025-4737 | Med | 0.40 | 6.2 | 0.00 | May 15, 2025 | Insufficient encryption vulnerability in the mobile application (com.transsion.aivoiceassistant) may lead to the risk of sensitive information leakage. | ||
| CVE-2025-68712 | Med | 0.36 | 5.5 | 0.00 | May 27, 2026 | SpSoft AppLock (com.sp.protector.free) 7.9.40 for Android allows a local attacker with physical access to bypass fingerprint or PIN authentication. Although the app integrates Android's biometric mechanisms, the lock is implemented with a custom overlay that fails to… | ||
| CVE-2019-15355 | Med | 0.36 | 5.5 | 0.00 | Nov 14, 2019 | The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on… | ||
| CVE-2025-68709 | Med | 0.34 | 5.2 | 0.00 | May 26, 2026 | SailingLab AppLock (aka com.alpha.applock) 4.3.8 for Android allows a local attacker to trigger arbitrary JavaScript execution via BrowserMainActivity, which accepts VIEW intents with javascript: URIs. This unsafe navigation path results in script execution and may allow UI… | ||
| CVE-2024-10195 | Med | 0.31 | 4.7 | 0.00 | Oct 20, 2024 | A vulnerability was found in Tecno 4G Portable WiFi TR118 V008-20220830. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /goform/goform_get_cmd_process of the component SMS Check. The manipulation of the argument order_by… | ||
| CVE-2024-6780 | Low | 0.21 | 3.3 | 0.00 | Jul 16, 2024 | Improper permission control in the mobile application (com.android.server.telecom) may lead to user information security risks. | ||
| CVE-2025-68708 | Low | 0.16 | 2.4 | 0.00 | May 26, 2026 | SailingLab AppLock (aka com.alpha.applock) 4.3.8 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's secure authentication APIs. By navigating cascading interface flows - insecure… | ||
| CVE-2023-52275 | Low | 0.14 | 2.1 | 0.00 | Dec 31, 2023 | Gallery3d on Tecno Camon X CA7 devices allows attackers to view hidden images by navigating to data/com.android.gallery3d/.privatealbum/.encryptfiles and guessing the correct image file extension. | ||
| CVE-2025-15385 | 0.00 | — | 0.00 | Jan 6, 2026 | Insufficient Verification of Data Authenticity vulnerability in TECNO Mobile com.Afmobi.Boomplayer allows Authentication Bypass.This issue affects com.Afmobi.Boomplayer: 7.4.63. |
- risk 0.64cvss 9.8epss 0.00
Permission vulnerability in the mobile application (com.afmobi.boomplayer) may lead to the risk of unauthorized operation.
- risk 0.64cvss 9.8epss 0.00
Logic vulnerability in the mobile application (com.transsion.carlcare) may lead to the risk of account takeover.
- risk 0.64cvss 9.8epss 0.01
A logic vulnerability in the the mobile application (com.transsion.applock) can lead to bypassing the application password.
- risk 0.64cvss 9.8epss 0.00
Improper permission control in the mobile application (com.transsion.aivoiceassistant) can lead to the launch of any unexported component.
- risk 0.64cvss 9.8epss 0.00
Improper permission configurationDomain configuration vulnerability of the mobile application (com.afmobi.boomplayer) can lead to account takeover risks.
- risk 0.64cvss 9.8epss 0.01
Improper permission settings for mobile applications (com.transsion.carlcare) may lead to user password and account security risks.
- risk 0.64cvss 9.8epss 0.01
The system application (com.transsion.kolun.aiservice) component does not perform an authentication check, which allows attackers to perform malicious exploitations and affect system services.
- risk 0.53cvss 8.1epss 0.00
The mobile application (com.transsnet.store) has a man-in-the-middle attack vulnerability, which may lead to code injection risks.
- risk 0.53cvss 8.1epss 0.01
The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). This app contains an…
- risk 0.51cvss 7.8epss 0.01
Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows local apps to execute arbitrary code as system via command injection.
- risk 0.51cvss 7.8epss 0.00
The Tecno Spark Pro Android device with a build fingerprint of TECNO/H3722/TECNO-K8:7.0/NRD90M/K8-H3722ABCDE-N-171229V96:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app (versionCode=7, versionName=7.0.5) that allows…
- risk 0.51cvss 7.8epss 0.00
The Tecno Camon Android device with a build fingerprint of TECNO/H622/TECNO-ID5b:8.1.0/O11019/G-180829V31:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported…
- risk 0.51cvss 7.8epss 0.00
The Tecno Camon Android device with a build fingerprint of TECNO/H622/TECNO-ID5b:8.1.0/O11019/G-180829V31:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported…
- risk 0.51cvss 7.8epss 0.00
The Tecno Camon Android device with a build fingerprint of TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-180828V106:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an…
- risk 0.51cvss 7.8epss 0.00
The Tecno Camon Android device with a build fingerprint of TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-180828V106:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an…
- risk 0.51cvss 7.8epss 0.00
The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an…
- risk 0.51cvss 7.8epss 0.00
The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an…
- risk 0.51cvss 7.8epss 0.00
The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). This app contains an…
- risk 0.51cvss 7.8epss 0.00
The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). This app contains an…
- risk 0.51cvss 7.8epss 0.00
The Tecno Camon iAir 2 Plus Android device with a build fingerprint of TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains…
- risk 0.51cvss 7.8epss 0.00
The Tecno Camon iAir 2 Plus Android device with a build fingerprint of TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains…
- risk 0.49cvss 7.5epss 0.00
Interface exposure vulnerability in the mobile application (com.transsion.carlcare) may lead to information leakage risk.
- risk 0.49cvss 7.5epss 0.00
Improper permission settings for mobile applications (com.transsion.carlcare) may lead to information leakage risk.
- risk 0.49cvss 7.5epss 0.00
Unauthorized access vulnerability in the mobile application (com.transsion.phoenix) can lead to the leakage of user information.
- risk 0.49cvss 7.5epss 0.01
Logical vulnerability in the mobile application (com.transsion.carlcare) may lead to user information leakage risks.
- risk 0.49cvss 7.5epss 0.00
The mobile application (com.transsion.videocallenhancer) interface has improper permission control, which can lead to the risk of private file leakage.
- risk 0.48cvss 7.2epss 0.10
A vulnerability was found in Tecno 4G Portable WiFi TR118 TR118-M30E-RR-D-EnFrArSwHaPo-OP-V008-20220830. It has been declared as critical. This vulnerability affects unknown code of the file /goform/goform_get_cmd_process of the component Ping Tool. The manipulation of the…
- risk 0.40cvss 6.2epss 0.00
Insufficient encryption vulnerability in the mobile application (com.transsion.aivoiceassistant) may lead to the risk of sensitive information leakage.
- risk 0.36cvss 5.5epss 0.00
SpSoft AppLock (com.sp.protector.free) 7.9.40 for Android allows a local attacker with physical access to bypass fingerprint or PIN authentication. Although the app integrates Android's biometric mechanisms, the lock is implemented with a custom overlay that fails to…
- risk 0.36cvss 5.5epss 0.00
The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on…
- risk 0.34cvss 5.2epss 0.00
SailingLab AppLock (aka com.alpha.applock) 4.3.8 for Android allows a local attacker to trigger arbitrary JavaScript execution via BrowserMainActivity, which accepts VIEW intents with javascript: URIs. This unsafe navigation path results in script execution and may allow UI…
- risk 0.31cvss 4.7epss 0.00
A vulnerability was found in Tecno 4G Portable WiFi TR118 V008-20220830. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /goform/goform_get_cmd_process of the component SMS Check. The manipulation of the argument order_by…
- risk 0.21cvss 3.3epss 0.00
Improper permission control in the mobile application (com.android.server.telecom) may lead to user information security risks.
- risk 0.16cvss 2.4epss 0.00
SailingLab AppLock (aka com.alpha.applock) 4.3.8 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's secure authentication APIs. By navigating cascading interface flows - insecure…
- risk 0.14cvss 2.1epss 0.00
Gallery3d on Tecno Camon X CA7 devices allows attackers to view hidden images by navigating to data/com.android.gallery3d/.privatealbum/.encryptfiles and guessing the correct image file extension.
- CVE-2025-15385Jan 6, 2026risk 0.00cvss —epss 0.00
Insufficient Verification of Data Authenticity vulnerability in TECNO Mobile com.Afmobi.Boomplayer allows Authentication Bypass.This issue affects com.Afmobi.Boomplayer: 7.4.63.