CVE-2023-38295
📋 TL;DR
This vulnerability allows third-party apps to perform arbitrary file read/write operations with system privileges on affected TCL Android devices. The exploit requires no user interaction beyond installing a malicious app that requests a missing permission. Affected devices include TCL 30Z and TCL 10L with specific software builds.
💻 Affected Systems
- TCL 30Z
- TCL 10L
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete device compromise including data theft, persistent malware installation, and privilege escalation to system-level access.
Likely Case
Data exfiltration, unauthorized file access, and potential installation of additional malicious payloads.
If Mitigated
Limited impact if devices are not used for sensitive operations and app installation is restricted.
🎯 Exploit Status
Exploit requires creating a malicious app that declares the missing permission com.tct.smart.switchphone.permission.SWITCH_DATA
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: Not provided in CVE
Restart Required: Yes
Instructions:
1. Check for device manufacturer updates
2. Apply any available security patches
3. Factory reset may be required if patches are unavailable
🔧 Temporary Workarounds
Disable vulnerable apps
Disable the vulnerable pre-installed apps via Android settings
adb shell pm disable-user com.tcl.screenrecorder
adb shell pm disable-user com.tcl.sos
Restrict app installations
Only install apps from trusted sources and disable unknown sources
🧯 If You Can't Patch
- Replace affected devices with patched models
- Isolate devices from sensitive networks and data
🔍 How to Verify
Check if Vulnerable:
Check device build fingerprint against vulnerable versions listed in CVE description
Check Version:
adb shell getprop ro.build.fingerprint
Verify Fix Applied:
Verify vulnerable app versions have been updated or removed
📡 Detection & Monitoring
Log Indicators:
- Unexpected file access patterns
- Suspicious permission requests from third-party apps
Network Indicators:
- Unexpected data exfiltration from device
SIEM Query:
Look for process execution with system privileges from non-system apps
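One way to check a device for the condition named under Exploit Status, as an added example that is not part of the CVE entry or any vendor tooling: a shell function that reads `adb shell dumpsys package` output and lists packages installed under /data that declare com.tct.smart.switchphone.permission.SWITCH_DATA. The sample dump and its package names are constructed, and treating a /data code path as a user-installed app is an assumption.

```shell
#!/bin/sh
# Added example (not from the CVE entry): list user-installed packages that
# DECLARE the permission named under "Exploit Status".
# Live use: adb shell dumpsys package | find_declarers
PERM='com.tct.smart.switchphone.permission.SWITCH_DATA'

find_declarers() {
    awk -v perm="$PERM" '
        /^ *Package \[/ {                      # start of a package record
            pkg = $0; sub(/^ *Package \[/, "", pkg); sub(/\].*$/, "", pkg)
            path = ""; in_decl = 0; next
        }
        /^ *codePath=/ { path = $0; sub(/^ *codePath=/, "", path); next }
        /^ *declared permissions:$/ { in_decl = 1; next }
        in_decl && /^ *[A-Za-z ]+:$/ { in_decl = 0 }   # next section header
        in_decl {
            name = $1; sub(/:$/, "", name)
            # /data/ code path = installed after provisioning (assumption)
            if (name == perm && path ~ /^\/data\//) print pkg " " path
        }
    '
}

# Constructed sample in the usual `dumpsys package` layout; package names
# are hypothetical.
sample_dump() {
    cat <<'EOF'
Packages:
  Package [com.example.preloaded] (1a2b3c):
    codePath=/system/app/Preloaded
    declared permissions:
      com.example.preloaded.permission.SYNC: prot=signature, INSTALLED
    requested permissions:
      android.permission.INTERNET
  Package [com.example.flashlight] (4d5e6f):
    codePath=/data/app/com.example.flashlight-1
    declared permissions:
      com.tct.smart.switchphone.permission.SWITCH_DATA: prot=normal, INSTALLED
    requested permissions:
      com.tct.smart.switchphone.permission.SWITCH_DATA
  Package [com.example.notes] (7a8b9c):
    codePath=/data/app/com.example.notes-1
    requested permissions:
      com.tct.smart.switchphone.permission.SWITCH_DATA
EOF
}

sample_dump | find_declarers
```

A package that only requests the permission (com.example.notes in the sample) is not reported; only a declaration from a /data-installed package is.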
🔗 References
- https://media.defcon.org/DEF%20CON%2031/DEF%20CON%2031%20presentations/Ryan%20Johnson%20Mohamed%20Elsabagh%20Angelos%20Stavrou%20-%20Still%20Vulnerable%20Out%20of%20the%20Box%20Revisiting%20the%20Security%20of%20Prepaid%20Android%20Carrier%20Devices.pdf