Path Traversal: '.../...//' (CWE-35)
The default TCL Camera application exposes a provider that is vulnerable to path traversal. A malicious application can supply a crafted URI path and delete arbitrary files from the user's external storage.
This vulnerability allows a malicious application to delete arbitrary files from the user's external storage. This can lead to loss of important user data, potentially affecting the integrity and availability of user information. The attack has a high impact on system integrity, as indicated by the CVSS v4 score.
There is no evidence that a public proof-of-concept exists. There is no evidence of exploitation at the moment.
Based on the provided information, there is no mention of an available patch for this vulnerability.
While no specific mitigation is mentioned, general recommendations may include:
1. Disable or uninstall the default TCL Camera application if not in use.
2. Restrict installation of untrusted applications.
3. Regularly back up important files stored in external storage.
4. Monitor for any suspicious activity or unexpected file deletions.
5. Wait for an official patch or update from TCL and apply it as soon as it becomes available.
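For developers who expose file-backed providers, the CWE-35 pattern named in the title comes down to a sanitizer that strips "../" once and never re-checks the result. The following is an added example, not TCL's code and not part of the advisory; the class, the base directory and the sample names are all constructed. It sets such a filter beside a containment check on the final resolved path.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

// Added illustration of the CWE-35 pattern; not TCL's code.
// BASE and every sample name are constructed. Assumes Unix-style paths.
public class TraversalCheck {
    // Hypothetical directory the provider is supposed to be limited to.
    static final Path BASE = Paths.get("/storage/emulated/0/DCIM/Camera");

    // Weak sanitizer: removes "../" in one pass and does not re-check the result.
    static String stripOnce(String name) {
        return name.replace("../", "");
    }

    // Hardened check: resolve against BASE, normalize, then require the final
    // path to be strictly inside BASE. On a device, File.getCanonicalFile()
    // would additionally resolve symlinks before the comparison.
    static Path resolveInside(String name) {
        Path target = BASE.resolve(name).normalize();
        if (target.equals(BASE) || !target.startsWith(BASE)) {
            throw new SecurityException("outside provider directory: " + target);
        }
        return target;
    }

    public static void main(String[] args) {
        String[] samples = {
            "IMG_0001.jpg",
            "../../Download/notes.txt",
            ".../...//.../...//Download/notes.txt",
        };
        for (String raw : samples) {
            String filtered = stripOnce(raw);
            // What a provider trusting the filter alone would operate on.
            Path unchecked = BASE.resolve(filtered).normalize();
            String verdict;
            try {
                verdict = "accepted " + resolveInside(filtered);
            } catch (SecurityException e) {
                verdict = "rejected";
            }
            System.out.printf("%s%n  filtered : %s%n  unchecked: %s%n  checked  : %s%n",
                    raw, filtered, unchecked, verdict);
        }
    }
}
```

The containment check is the last step before any file operation, so it holds regardless of what earlier filtering did to the string.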
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
NVD published the first details for CVE-2024-11136
A CVSS base score of 8.2 has been assigned.
Feedly found the first article mentioning CVE-2024-11136.
Feedly estimated the CVSS score as HIGH
EPSS Score was set to: 0.05% (Percentile: 16.9%)