CVE-2024-7697

7.5 HIGH

📋 TL;DR

A logical vulnerability in the CarlCare mobile application (com.transsion.carlcare) exposes user information to unauthorized access. This affects users of Transsion mobile devices (Tecno, Infinix, Itel brands) who have the CarlCare app installed. The vulnerability stems from improper exposure of sensitive data through the app's components.

💻 Affected Systems

Products:
  • CarlCare mobile application
Versions: All versions prior to the security update
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Transsion device users (Tecno, Infinix, Itel brands) with CarlCare app installed. The vulnerability is in the app's component exposure logic.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could access sensitive user data including personal information, device details, and potentially authentication tokens, leading to identity theft or account compromise.

🟠 Likely Case

Malicious apps or attackers with physical access could extract user information from the vulnerable application, compromising privacy.

🟢 If Mitigated

With proper app sandboxing and security controls, the impact is limited to data accessible only within the app's own storage.

🌐 Internet-Facing: LOW - This is primarily a local app vulnerability requiring app installation or physical access.
🏢 Internal Only: MEDIUM - Malicious apps on the same device could exploit this without user interaction.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires malicious app installation or physical device access. No public exploit code has been disclosed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Updated version via Google Play Store

Vendor Advisory: https://security.tecno.com/SRC/securityUpdates?type=SA

Restart Required: No

Instructions:

1. Open Google Play Store
2. Search for 'CarlCare'
3. Tap 'Update' if available
4. Alternatively, uninstall and reinstall the app

🔧 Temporary Workarounds

Disable or Remove CarlCare App

Platform: Android

Uninstall or disable the vulnerable CarlCare application to eliminate the risk.

Restrict App Permissions

Platform: Android

Review and restrict unnecessary permissions for the CarlCare app in device settings.

🧯 If You Can't Patch

  • Isolate device from sensitive networks and data
  • Monitor for unusual app behavior or data access attempts

🔍 How to Verify

Check if Vulnerable:

Check CarlCare app version in Google Play Store or device app settings. Versions before the security update are vulnerable.

Check Version:

No command line option. Check via: Settings > Apps > CarlCare > App info

Verify Fix Applied:

Verify that the CarlCare app has been updated to the latest version in the Google Play Store (the listing shows 'Updated on [date]').

📡 Detection & Monitoring

Log Indicators:

  • Unusual access to CarlCare app components
  • Permission violations related to CarlCare

Network Indicators:

  • Unexpected data exfiltration from device

SIEM Query:

Not applicable for mobile app vulnerability detection
