VYPR

Vendor CVEs

Tecno

All CVEs

36 total · sorted by risk
  • CVE-2025-6172CriJun 16, 2025
    risk 0.64cvss 9.8epss 0.00

    Permission vulnerability in the mobile application (com.afmobi.boomplayer) may lead to the risk of unauthorized operation.

  • CVE-2025-1298CriFeb 14, 2025
    risk 0.64cvss 9.8epss 0.00

    Logic vulnerability in the mobile application (com.transsion.carlcare) may lead to the risk of account takeover.

  • CVE-2024-12603CriDec 13, 2024
    risk 0.64cvss 9.8epss 0.01

    A logic vulnerability in the the mobile application (com.transsion.applock) can lead to bypassing the application password.

  • CVE-2024-10018CriOct 16, 2024
    risk 0.64cvss 9.8epss 0.00

    Improper permission control in the mobile application (com.transsion.aivoiceassistant) can lead to the launch of any unexported component.

  • CVE-2024-8039CriSep 14, 2024
    risk 0.64cvss 9.8epss 0.00

    Improper permission configurationDomain configuration vulnerability of the mobile application (com.afmobi.boomplayer) can lead to account takeover risks.

  • CVE-2024-5163CriJun 17, 2024
    risk 0.64cvss 9.8epss 0.01

    Improper permission settings for mobile applications (com.transsion.carlcare) may lead to user password and account security risks.

  • CVE-2024-3701CriApr 15, 2024
    risk 0.64cvss 9.8epss 0.01

    The system application (com.transsion.kolun.aiservice) component does not perform an authentication check, which allows attackers to perform malicious exploitations and affect system services.

  • CVE-2025-2190HigMar 11, 2025
    risk 0.53cvss 8.1epss 0.00

    The mobile application (com.transsnet.store) has a man-in-the-middle attack vulnerability, which may lead to code injection risks.

  • CVE-2019-15344HigNov 14, 2019
    risk 0.53cvss 8.1epss 0.01

    The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). This app contains an…

  • CVE-2026-0634HigApr 2, 2026
    risk 0.51cvss 7.8epss 0.01

    Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows local apps to execute arbitrary code as system via command injection.

  • CVE-2019-15417HigNov 14, 2019
    risk 0.51cvss 7.8epss 0.00

    The Tecno Spark Pro Android device with a build fingerprint of TECNO/H3722/TECNO-K8:7.0/NRD90M/K8-H3722ABCDE-N-171229V96:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app (versionCode=7, versionName=7.0.5) that allows…

  • CVE-2019-15351HigNov 14, 2019
    risk 0.51cvss 7.8epss 0.00

    The Tecno Camon Android device with a build fingerprint of TECNO/H622/TECNO-ID5b:8.1.0/O11019/G-180829V31:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported…

  • CVE-2019-15350HigNov 14, 2019
    risk 0.51cvss 7.8epss 0.00

    The Tecno Camon Android device with a build fingerprint of TECNO/H622/TECNO-ID5b:8.1.0/O11019/G-180829V31:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported…

  • CVE-2019-15349HigNov 14, 2019
    risk 0.51cvss 7.8epss 0.00

    The Tecno Camon Android device with a build fingerprint of TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-180828V106:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an…

  • CVE-2019-15348HigNov 14, 2019
    risk 0.51cvss 7.8epss 0.00

    The Tecno Camon Android device with a build fingerprint of TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-180828V106:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an…

  • CVE-2019-15347HigNov 14, 2019
    risk 0.51cvss 7.8epss 0.00

    The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an…

  • CVE-2019-15346HigNov 14, 2019
    risk 0.51cvss 7.8epss 0.00

    The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an…

  • CVE-2019-15345HigNov 14, 2019
    risk 0.51cvss 7.8epss 0.00

    The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). This app contains an…

  • CVE-2019-15343HigNov 14, 2019
    risk 0.51cvss 7.8epss 0.00

    The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). This app contains an…

  • CVE-2019-15342HigNov 14, 2019
    risk 0.51cvss 7.8epss 0.00

    The Tecno Camon iAir 2 Plus Android device with a build fingerprint of TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains…

  • CVE-2019-15341HigNov 14, 2019
    risk 0.51cvss 7.8epss 0.00

    The Tecno Camon iAir 2 Plus Android device with a build fingerprint of TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains…

  • CVE-2025-3698HigApr 16, 2025
    risk 0.49cvss 7.5epss 0.00

    Interface exposure vulnerability in the mobile application (com.transsion.carlcare) may lead to information leakage risk.

  • CVE-2025-0590HigJan 20, 2025
    risk 0.49cvss 7.5epss 0.00

    Improper permission settings for mobile applications (com.transsion.carlcare) may lead to information leakage risk.

  • CVE-2024-11206HigNov 14, 2024
    risk 0.49cvss 7.5epss 0.00

    Unauthorized access vulnerability in the mobile application (com.transsion.phoenix) can lead to the leakage of user information.

  • CVE-2024-7697HigAug 12, 2024
    risk 0.49cvss 7.5epss 0.01

    Logical vulnerability in the mobile application (com.transsion.carlcare) may lead to user information leakage risks.

  • CVE-2024-4988HigMay 21, 2024
    risk 0.49cvss 7.5epss 0.00

    The mobile application (com.transsion.videocallenhancer) interface has improper permission control, which can lead to the risk of private file leakage.

  • CVE-2023-6304HigNov 27, 2023
    risk 0.48cvss 7.2epss 0.10

    A vulnerability was found in Tecno 4G Portable WiFi TR118 TR118-M30E-RR-D-EnFrArSwHaPo-OP-V008-20220830. It has been declared as critical. This vulnerability affects unknown code of the file /goform/goform_get_cmd_process of the component Ping Tool. The manipulation of the…

  • CVE-2025-4737MedMay 15, 2025
    risk 0.40cvss 6.2epss 0.00

    Insufficient encryption vulnerability in the mobile application (com.transsion.aivoiceassistant) may lead to the risk of sensitive information leakage.

  • CVE-2025-68712MedMay 27, 2026
    risk 0.36cvss 5.5epss 0.00

    SpSoft AppLock (com.sp.protector.free) 7.9.40 for Android allows a local attacker with physical access to bypass fingerprint or PIN authentication. Although the app integrates Android's biometric mechanisms, the lock is implemented with a custom overlay that fails to…

  • CVE-2019-15355MedNov 14, 2019
    risk 0.36cvss 5.5epss 0.00

    The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on…

  • CVE-2025-68709MedMay 26, 2026
    risk 0.34cvss 5.2epss 0.00

    SailingLab AppLock (aka com.alpha.applock) 4.3.8 for Android allows a local attacker to trigger arbitrary JavaScript execution via BrowserMainActivity, which accepts VIEW intents with javascript: URIs. This unsafe navigation path results in script execution and may allow UI…

  • CVE-2024-10195MedOct 20, 2024
    risk 0.31cvss 4.7epss 0.00

    A vulnerability was found in Tecno 4G Portable WiFi TR118 V008-20220830. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /goform/goform_get_cmd_process of the component SMS Check. The manipulation of the argument order_by…

  • CVE-2024-6780LowJul 16, 2024
    risk 0.21cvss 3.3epss 0.00

    Improper permission control in the mobile application (com.android.server.telecom) may lead to user information security risks.

  • CVE-2025-68708LowMay 26, 2026
    risk 0.16cvss 2.4epss 0.00

    SailingLab AppLock (aka com.alpha.applock) 4.3.8 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's secure authentication APIs. By navigating cascading interface flows - insecure…

  • CVE-2023-52275LowDec 31, 2023
    risk 0.14cvss 2.1epss 0.00

    Gallery3d on Tecno Camon X CA7 devices allows attackers to view hidden images by navigating to data/com.android.gallery3d/.privatealbum/.encryptfiles and guessing the correct image file extension.

  • CVE-2025-15385Jan 6, 2026
    risk 0.00cvss epss 0.00

    Insufficient Verification of Data Authenticity vulnerability in TECNO Mobile com.Afmobi.Boomplayer allows Authentication Bypass.This issue affects com.Afmobi.Boomplayer: 7.4.63.