CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2024-5163

CVSS 9.8v3.1pub. 2024-06-17upd. 2026-04-15

Improper permission settings for mobile applications (com.transsion.carlcare) may lead to user password and account security risks.

🤖 AI Analysis
How it works

Improper permission configuration (CWE-732) in the mobile application com.transsion.carlcare causes sensitive resources or application features to be available in a broader scope than they should be. Improper permission management (CWE-280) may allow unauthorized applications or processes to access authentication data stored or processed by the application. The network vector (AV:N) without authentication requirements or user interaction indicates that the vulnerability can be exploited remotely.

Impact

An attacker can gain unauthorized access to passwords and user account data, which may lead to complete account takeover and violations of data confidentiality, integrity, and availability.

Mitigation & patch

Security patches available from the manufacturer should be applied in accordance with references published by Tecno Security Response Center at https://security.tecno.com/SRC/blogdetail/267?lang=en_US and https://security.tecno.com/SRC/securityUpdates

Who is affected

Mobile application com.transsion.carlcare — versions specified in manufacturer references (Tecno/Transsion Security)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References