CVE-2019-16242
MEDIUMTCL Alcatel Cingular Flip 2 B9HUAH1 - Command Injection
Title source: llmDescription
On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an engineering application named omamock that is vulnerable to OS command injection. An attacker with physical access to the device can abuse this vulnerability to execute arbitrary OS commands as the root user via the application's UI.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://www.nccgroup.trust/uk/our-research/?research=Technical+advisories
Exploit, Third Party Advisory x_refsource_misc
https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-alcatel-flip-2/
Scores
CVSS v3
6.8
EPSS
0.0112
EPSS Percentile
62.2%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (1)
alcatelmobile/cingular_flip_2_firmware
b9huah1
Published
Nov 26, 2019
Tracked Since
Feb 18, 2026