AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2019-14759: An issue was discovered in KaiOS 1.0, 2.5, and 2.5.1. The pre-installed Radio application is vulnerable to HTML and Java

mediumvulnerability

security

Source: NVD/CVE DatabaseSeptember 14, 2020CVE-2019-14759

Summary

KaiOS versions 1.0, 2.5, and 2.5.1 contain a vulnerability in their built-in Radio app that allows HTML and JavaScript injection (code inserted into a program to make it behave unexpectedly). An attacker with local access to the device could inject malicious code to manipulate the app's interface, trick users into revealing passwords, or exploit any permissions the Radio app has been granted.

Vulnerability Details

CVSS Score

4.4(medium)

EPSS (30-day exploit probability)

EPSS: 0.1%

Classification

Attack SophisticationTrivial

Taxonomy References

CWE (Weakness Type)

CWE-79

CAPEC (Attack Pattern)

CAPEC-198 CAPEC-86

Original source: https://nvd.nist.gov/vuln/detail/CVE-2019-14759

First tracked: February 15, 2026 at 08:52 PM

Classified by LLM (prompt v3) · confidence: 95%