Improper permission control in the mobile application (com.transsion.aivoiceassistant) can lead to the launch of any unexported component.
The application com.transsion.aivoiceassistant does not implement proper permission controls (CWE-732) when handling requests to execute system components. An attacker, without needing to possess permissions or user interaction, can remotely invoke unexported components of other applications, which are normally access-restricted. Unexported components are designed to be protected from external access; however, a flaw in this application's permission logic allows these protections to be bypassed.
An attacker can execute any unexported component of installed applications, which may lead to unauthorized data access, system integrity violations, and potential takeover of device functions.
Apply patches available from the manufacturer according to references (https://security.tecno.com/SRC/securityUpdates?type=SA). It is recommended to regularly check for security updates from Transsion Security Response Center and immediately install available fixes.
Mobile devices with the installed application com.transsion.aivoiceassistant (AI Voice Assistant by Transsion); specific versions indicated in the manufacturer's references.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H