CVE-2022-39109 In Music service, there is a missing permission check

A remote attacker could leverage this flaw to elevate his or her privileges on the targeted system.

There is a NULL Pointer Dereference in the user-recovery mechanism in the Authentication service.

There is a missing access check in the MEDIA_RESTORER media service.

There is a missing access check in the MEDIA_CONTENT_RESTORE media service.
In the MEDIA_CENCENTER media service, there is a missing access check.

There is a missing access check in the MEDIA_CENCODE media service.

There is a missing access check in the MEDIA_ARTIST media service.
This issue could be exploited by a remote attacker to access and modify audio files on the targeted system.

There is a missing access check in the MEDIA_TITLE media service.

There is a missing access check in the MEDIA_ARTIST media service.

There is a missing access check in the MEDIA_TITLE media service.

There is a missing access check in the MEDIA_COMMENT media service.
In the MEDIA_COPYRIGHT media service, there is a missing access check.

There is a missing access check in the MEDIA_COPYRIGHT media service.

There is a missing access check in the MEDIA_CREATOR media service.

There is a missing access check

References ref

"CVE-2022-39109" : https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39109

Timeline

Published on: 10/14/2022 19:15:00 UTC
Last modified on: 10/18/2022 18:12:00 UTC

References

• https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39109