CVE-2021-41849

Опубликовано: 11 мар. 2022

Источник: nvd

CVSS3: 5.5

CVSS2: 2.1

EPSS Низкий

Описание

An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It sends the following Personally Identifiable Information (PII) in plaintext using HTTP to servers located in China: user's list of installed apps and device International Mobile Equipment Identity (IMEI). This PII is transmitted to log.skyroam.com.cn using HTTP, independent of whether the user uses the Simo software.

Ссылки

https://athack.com/session-details/401
Third Party Advisory
https://simowireless.com/
Vendor Advisory
https://www.kryptowire.com/android-firmware-2022/
Broken Link
https://www.kryptowire.com/blog/vsim-vulnerability-within-simo-android-phones-exposed/
Exploit
Third Party Advisory
https://athack.com/session-details/401
Third Party Advisory
https://simowireless.com/
Vendor Advisory
https://www.kryptowire.com/android-firmware-2022/
Broken Link
https://www.kryptowire.com/blog/vsim-vulnerability-within-simo-android-phones-exposed/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:bluproducts:g90_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:bluproducts:g90:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:bluproducts:g9_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:bluproducts:g9:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:wikomobile:tommy_3_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:wikomobile:tommy_3:-:*:*:*:*:*:*:*

Конфигурация 4

Одновременно

cpe:2.3:o:wikomobile:tommy_3_plus_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:wikomobile:tommy_3_plus:-:*:*:*:*:*:*:*

Конфигурация 5

Одновременно

cpe:2.3:o:luna:simo_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:luna:simo:-:*:*:*:*:*:*:*

EPSS

Процентиль: 9%

0.00031

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-p3f8-38m4-92hm

CVSS3: 5.5

github

почти 4 года назад

EPSS

Процентиль: 9%

0.00031

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-200