TECNO Pova 7 Pro 5G Command Injection Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A vulnerability in the AssistFeedbackService of the TECNO Pova 7 Pro 5G on Android has been identified, allowing local applications to execute arbitrary code with system privileges through command injection. This issue arises from improper handling of commands, which can be exploited by injecting malicious code that is then executed with elevated rights.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution on the device, potentially allowing malicious applications to perform actions or access data with system-level privileges.

Added: Apr 2, 2026, 9:23 AM

Updated: Apr 2, 2026, 9:23 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

3.3

remediation

0.0

relevance

5.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

3.3

remediation

0.0

relevance

5.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

TECNO Pova 7 Pro 5G Command Injection Vulnerability Allowing Arbitrary Code Execution

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating