CVE-2019-14319

MEDIUM

TikTok 12.2.0 - Cleartext Transmission of Sensitive Information

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-14319. PoCs published by MelroyB.

Description

The TikTok (formerly Musical.ly) application 12.2.0 for Android and iOS performs unencrypted transmission of images, videos, and likes. This allows an attacker to extract private sensitive information by sniffing network traffic.

Exploits (1)

nomisec NO CODE 5 stars

by MelroyB · poc

https://github.com/MelroyB/CVE-2019-14319

View Code ZIP pw:eip

References (4)

Core 4

Core References

Product x_refsource_misc

https://play.google.com/store/apps/details?id=com.zhiliaoapp.musically&hl=en_US

Not Applicable x_refsource_misc

http://p16.muscdn.com/img/musically-maliva-obj/1626792871331845~c5_100x100.jpeg

Not Applicable x_refsource_misc

http://p16.muscdn.com/img/tos-maliva-p-0068/d9e7889f4f2d43028b41947cb0950c32~noop.image

Third Party Advisory x_refsource_misc

https://github.com/MelroyB/CVE-2019-14319/blob/master/CVE%202019-14319%20.pdf

View Writeup ZIP pw:eip

Scores

CVSS v3 6.5

EPSS 0.0145

EPSS Percentile 81.1%

Attack Vector ADJACENT_NETWORK

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-319

Status published

Products (8)

tiktok/tiktok 12.2.0

tiktok/tiktok 12.3.0

tiktok/tiktok 12.4.0

tiktok/tiktok 12.5.0

tiktok/tiktok 12.6.0

tiktok/tiktok 12.6.1

tiktok/tiktok 12.7.0

tiktok/tiktok 12.8.0

Published Sep 04, 2019

Tracked Since Feb 18, 2026