CVE-2019-16253

HIGH

SamsungTTS <3.0.02.7 & 3.0.00.101 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-16253. PoCs published by k0mraid3.

AI-analyzed exploit summary This repository provides a functional exploit for CVE-2019-16253, leveraging a privilege escalation vulnerability in Samsung's TTS engine. The exploit involves downgrading the TTS app to a vulnerable version and executing arbitrary code with system privileges (UID 1000) via a crafted APK and ADB commands.

Description

The Text-to-speech Engine (aka SamsungTTS) application before 3.0.02.7 and 3.0.00.101 for Android allows a local attacker to escalate privileges, e.g., to system privileges. The Samsung case ID is 101755.

Exploits (1)

nomisec WORKING POC 84 stars
by k0mraid3 · poc
https://github.com/k0mraid3/K0mraid3s-System-Shell-PREBUILT

This repository provides a functional exploit for CVE-2019-16253, leveraging a privilege escalation vulnerability in Samsung's TTS engine. The exploit involves downgrading the TTS app to a vulnerable version and executing arbitrary code with system privileges (UID 1000) via a crafted APK and ADB commands.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Samsung TTS engine (versions prior to 3.0.02.7)
Auth required
Prerequisites: ADB access · USB debugging enabled · Vulnerable Samsung TTS app version · Device running Android 10+
mistral-large-3 · analyzed Feb 18, 2026 Full analysis →

Scores

CVSS v3 7.8
EPSS 0.0119
EPSS Percentile 64.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (1)
samsung/text-to-speech < 3.0.00.101
Published Sep 25, 2019
Tracked Since Feb 18, 2026