Lucene search

[email protected]NVD:CVE-2021-41850

HistoryMar 11, 2022 - 11:15 p.m.

CVE-2021-41850

2022-03-1123:15:09

CWE-200

[email protected]

web.nvd.nist.gov

cve-2021-41850

pre-installed app

imei values

system properties

access control

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

45.0%

JSON

An issue was discovered in Luna Simo PPR1.180610.011/202001031830. A pre-installed app with a package name of com.skyroam.silverhelper writes three IMEI values to system properties at system startup. The system property values can be obtained via getprop by all third-party applications co-located on the device, even those with no permissions granted, exposing the IMEI values to processes without enforcing any access control.

Affected configurations

Nvd

Node

bluproductsg90_firmwareMatch-

AND

bluproductsg90Match-

Node

bluproductsg9_firmwareMatch-

AND

bluproductsg9Match-

Node

wikomobiletommy_3_firmwareMatch-

AND

wikomobiletommy_3Match-

Node

wikomobiletommy_3_plus_firmwareMatch-

AND

wikomobiletommy_3_plusMatch-

Node

lunasimo_firmwareMatch-

AND

lunasimoMatch-

VendorProductVersionCPE
bluproductsg90_firmware-cpe:2.3:o:bluproducts:g90_firmware:-:*:*:*:*:*:*:*
bluproductsg90-cpe:2.3:h:bluproducts:g90:-:*:*:*:*:*:*:*
bluproductsg9_firmware-cpe:2.3:o:bluproducts:g9_firmware:-:*:*:*:*:*:*:*
bluproductsg9-cpe:2.3:h:bluproducts:g9:-:*:*:*:*:*:*:*
wikomobiletommy_3_firmware-cpe:2.3:o:wikomobile:tommy_3_firmware:-:*:*:*:*:*:*:*
wikomobiletommy_3-cpe:2.3:h:wikomobile:tommy_3:-:*:*:*:*:*:*:*
wikomobiletommy_3_plus_firmware-cpe:2.3:o:wikomobile:tommy_3_plus_firmware:-:*:*:*:*:*:*:*
wikomobiletommy_3_plus-cpe:2.3:h:wikomobile:tommy_3_plus:-:*:*:*:*:*:*:*
lunasimo_firmware-cpe:2.3:o:luna:simo_firmware:-:*:*:*:*:*:*:*
lunasimo-cpe:2.3:h:luna:simo:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
bluproducts	g90_firmware	-	cpe:2.3:o:bluproducts:g90_firmware:-:::::::*
bluproducts	g90	-	cpe:2.3:h:bluproducts:g90:-:::::::*
bluproducts	g9_firmware	-	cpe:2.3:o:bluproducts:g9_firmware:-:::::::*
bluproducts	g9	-	cpe:2.3:h:bluproducts:g9:-:::::::*
wikomobile	tommy_3_firmware	-	cpe:2.3:o:wikomobile:tommy_3_firmware:-:::::::*
wikomobile	tommy_3	-	cpe:2.3:h:wikomobile:tommy_3:-:::::::*
wikomobile	tommy_3_plus_firmware	-	cpe:2.3:o:wikomobile:tommy_3_plus_firmware:-:::::::*
wikomobile	tommy_3_plus	-	cpe:2.3:h:wikomobile:tommy_3_plus:-:::::::*
luna	simo_firmware	-	cpe:2.3:o:luna:simo_firmware:-:::::::*
luna	simo	-	cpe:2.3:h:luna:simo:-:::::::*

References

athack.com/session-details/401

simowireless.com/

www.kryptowire.com/android-firmware-2022/

www.kryptowire.com/blog/vsim-vulnerability-within-simo-android-phones-exposed/

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

45.0%

JSON

Related for NVD:CVE-2021-41850

cvelist1 cve1 prion1