CVE-2020-13839

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2020-13839
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Code execution can occur via a custom AT command handler buffer overflow. The LG ID is LVE-SMP-200007 (June 2020).

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
https://lgsecurity.lge.com/ Vendor Advisory
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:google:android:7.2:*:*:*:*:*:*:*
cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*
OR cpe:2.3:h:lg:cv1:-:*:*:*:*:*:*:*
cpe:2.3:h:lg:cv1s:-:*:*:*:*:*:*:*
cpe:2.3:h:lg:cv3:-:*:*:*:*:*:*:*
cpe:2.3:h:lg:cv5:-:*:*:*:*:*:*:*
cpe:2.3:h:lg:cv7:-:*:*:*:*:*:*:*
cpe:2.3:h:lg:cv7as:-:*:*:*:*:*:*:*
cpe:2.3:h:lg:dh10:-:*:*:*:*:*:*:*
cpe:2.3:h:lg:dh15:-:*:*:*:*:*:*:*
cpe:2.3:h:lg:dh30:-:*:*:*:*:*:*:*
cpe:2.3:h:lg:dh35:-:*:*:*:*:*:*:*
cpe:2.3:h:lg:dh40:-:*:*:*:*:*:*:*
cpe:2.3:h:lg:q6:-:*:*:*:*:*:*:*
cpe:2.3:h:lg:q8:-:*:*:*:*:*:*:*
cpe:2.3:h:lg:x300:-:*:*:*:*:*:*:*
cpe:2.3:h:lg:x400:-:*:*:*:*:*:*:*
cpe:2.3:h:lg:x500:-:*:*:*:*:*:*:*
cpe:2.3:h:lg:v30:-:*:*:*:*:*:*:*
cpe:2.3:h:lg:v20:-:*:*:*:*:*:*:*
cpe:2.3:h:lg:g6:-:*:*:*:*:*:*:*
cpe:2.3:h:lg:g7:-:*:*:*:*:*:*:*
cpe:2.3:h:lg:v40:-:*:*:*:*:*:*:*
cpe:2.3:h:lg:g8:-:*:*:*:*:*:*:*
cpe:2.3:h:lg:v35:-:*:*:*:*:*:*:*
cpe:2.3:h:lg:v50:-:*:*:*:*:*:*:*
cpe:2.3:h:lg:v60:-:*:*:*:*:*:*:*
cpe:2.3:h:lg:k20:-:*:*:*:*:*:*:*
cpe:2.3:h:lg:k30:-:*:*:*:*:*:*:*
cpe:2.3:h:lg:k40:-:*:*:*:*:*:*:*
cpe:2.3:h:lg:k50:-:*:*:*:*:*:*:*
cpe:2.3:h:lg:q60:-:*:*:*:*:*:*:*
cpe:2.3:h:lg:q70:-:*:*:*:*:*:*:*
cpe:2.3:h:lg:dh5:-:*:*:*:*:*:*:*
cpe:2.3:h:lg:dh50:-:*:*:*:*:*:*:*
cpe:2.3:h:lg:x_cam:-:*:*:*:*:*:*:*
Information

Published : 2020-06-04 17:15

Updated : 2020-06-11 08:27

NVD link : CVE-2020-13839

Mitre link : CVE-2020-13839

JSON object : View

CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Advertisement

dedicated server usa
Products Affected

lg

  • dh10
  • q60
  • v60
  • k20
  • g8
  • cv5
  • dh40
  • k30
  • k40
  • q8
  • cv7
  • g6
  • dh50
  • x300
  • v50
  • dh30
  • v20
  • x400
  • g7
  • dh5
  • v35
  • dh35
  • cv7as
  • v40
  • cv1s
  • v30
  • k50
  • q6
  • cv1
  • cv3
  • dh15
  • x500
  • q70
  • x_cam

google

  • android