First published: Tue Nov 10 2020(Updated: )
A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below by TCL Technology Group Corporation allows a local unprivileged attacker, such as a malicious App, to read & write to the /data/vendor/tcl, /data/vendor/upgrade, and /var/TerminalManager directories within the TV file system. An attacker, such as a malicious APK or local unprivileged user could perform fake system upgrades by writing to the /data/vendor/upgrage folder.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Tcl 32s330 Firmware | <v8-r851t10-lf1v091 | |
Tcl 32s330 | ||
Tcl 40s330 Firmware | <v8-r851t10-lf1v091 | |
Tcl 40s330 | ||
Tcl 43s434 Firmware | <v8-r851t02-lf1v440 | |
Tcl 43s434 | ||
Tcl 50s434 Firmware | <v8-r851t02-lf1v440 | |
Tcl 50s434 | ||
Tcl 55s434 Firmware | <v8-r851t02-lf1v440 | |
Tcl 55s434 | ||
Tcl 65s434 Firmware | <v8-r851t02-lf1v440 | |
Tcl 65s434 | ||
Tcl 75s434 Firmware | <v8-r851t02-lf1v440 | |
Tcl 75s434 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.