{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-29T11:46:10.428","vulnerabilities":[{"cve":{"id":"CVE-2020-28055","sourceIdentifier":"cve@mitre.org","published":"2020-11-10T18:15:12.137","lastModified":"2026-06-17T03:10:04.897","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below by TCL Technology Group Corporation allows a local unprivileged attacker, such as a malicious App, to read & write to the /data/vendor/tcl, /data/vendor/upgrade, and /var/TerminalManager directories within the TV file system. An attacker, such as a malicious APK or local unprivileged user could perform fake system upgrades by writing to the /data/vendor/upgrage folder."},{"lang":"es","value":"Una vulnerabilidad en la serie TCL Android Smart TV V8-R851T02-LF1 versiones V295 y por debajo y V8-T658T01-LF1 versiones V373 y por debajo de TCL Technology Group Corporation, permite a un atacante local no privilegiado, tal y como una aplicación maliciosa, leer y escribir en /data/vendor/tcl, /data/vendor/upgrade y /var/TerminalManager dentro del sistema de archivos del TV. Un atacante, como un APK malicioso o un usuario local no privilegiado, podría llevar a cabo actualizaciones del sistema falsas al escribir en la carpeta /data/vendor/upgrade"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-732"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:tcl:32s330_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"v8-r851t10-lf1v091","matchCriteriaId":"F8917F66-D6DD-4592-B426-2D732B20F9EB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:tcl:32s330:-:*:*:*:*:*:*:*","matchCriteriaId":"56FE475B-9E0B-4CEB-ACE7-12298F24EA44"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:tcl:40s330_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"v8-r851t10-lf1v091","matchCriteriaId":"D80F9316-673A-418B-B235-EB07256BEDC6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:tcl:40s330:-:*:*:*:*:*:*:*","matchCriteriaId":"8E20B7CC-7A75-4881-ACC8-1823C7FA0075"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:tcl:43s434_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"v8-r851t02-lf1v440","matchCriteriaId":"4B3CEA71-8A14-49F8-9DD1-998FFA8D9083"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:tcl:43s434:-:*:*:*:*:*:*:*","matchCriteriaId":"F7EDDFE1-4794-4FEB-9505-08EC4CE2E7DE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:tcl:50s434_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"v8-r851t02-lf1v440","matchCriteriaId":"A35187E7-A0E1-48B4-8528-2D9A0126C950"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:tcl:50s434:-:*:*:*:*:*:*:*","matchCriteriaId":"369146B4-AA84-4997-8E92-5E651E402317"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:tcl:55s434_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"v8-r851t02-lf1v440","matchCriteriaId":"C5EDE7A1-9426-4C8A-9031-F0F30E6E882E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:tcl:55s434:-:*:*:*:*:*:*:*","matchCriteriaId":"FDD2D6D3-CA5D-48CA-9B31-01225E395858"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:tcl:65s434_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"v8-r851t02-lf1v440","matchCriteriaId":"25A8C850-0968-4DF4-B795-48EADD4DB197"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:tcl:65s434:-:*:*:*:*:*:*:*","matchCriteriaId":"A807F653-170F-4819-B378-0BF2F841CEC2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:tcl:75s434_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"v8-r851t02-lf1v440","matchCriteriaId":"757EBB9A-4404-4B07-BAFA-8502BE5942A4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:tcl:75s434:-:*:*:*:*:*:*:*","matchCriteriaId":"B2E147C9-2EEE-468A-96B2-1EAFCEF0D917"}]}]}],"references":[{"url":"https://github.com/sickcodes/security/blob/master/advisories/SICK-2020-012.md","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/sickcodes/security/blob/master/etc/CVE-2020-27403_CVE-2020-28055_GlobalFAQ.pdf","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/sickcodes/security/blob/master/etc/CVE-2020-27403_CVE-2020-28055_Press-Statement-and-Questions_11162020.pdf","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://securityledger.com/2020/11/security-holes-opened-back-door-to-tcl-android-smart-tvs/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://securityledger.com/2020/11/tv-maker-tcl-denies-back-door-promises-better-process/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://sick.codes/extraordinary-vulnerabilities-discovered-in-tcl-android-tvs-now-worlds-3rd-largest-tv-manufacturer/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://sick.codes/sick-2020-012","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://support.tcl.com/vulnerabilities-found-in-tcl-android-tvs","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://twitter.com/johnjhacking/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://twitter.com/sickcodes/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/sickcodes/security/blob/master/advisories/SICK-2020-012.md","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/sickcodes/security/blob/master/etc/CVE-2020-27403_CVE-2020-28055_GlobalFAQ.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://github.com/sickcodes/security/blob/master/etc/CVE-2020-27403_CVE-2020-28055_Press-Statement-and-Questions_11162020.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://securityledger.com/2020/11/security-holes-opened-back-door-to-tcl-android-smart-tvs/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://securityledger.com/2020/11/tv-maker-tcl-denies-back-door-promises-better-process/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://sick.codes/extraordinary-vulnerabilities-discovered-in-tcl-android-tvs-now-worlds-3rd-largest-tv-manufacturer/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://sick.codes/sick-2020-012","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://support.tcl.com/vulnerabilities-found-in-tcl-android-tvs","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://twitter.com/johnjhacking/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://twitter.com/sickcodes/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}