An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It sends the following Personally Identifiable Information (PII) in plaintext using HTTP to servers located in China: user's list of installed apps and device International Mobile Equipment Identity (IMEI). This PII is transmitted to log.skyroam.com.cn using HTTP, independent of whether the user uses the Simo software.
References
Link | Resource |
---|---|
https://athack.com/session-details/401 | Third Party Advisory |
https://simowireless.com/ | Vendor Advisory |
https://www.kryptowire.com/android-firmware-2022/ | Broken Link |
https://www.kryptowire.com/blog/vsim-vulnerability-within-simo-android-phones-exposed/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-03-11T22:17:42
Updated: 2022-03-11T22:17:42
Reserved: 2021-10-01T00:00:00
Link: CVE-2021-41849
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-03-11T23:15:09.223
Modified: 2023-08-08T14:22:24.967
Link: CVE-2021-41849
JSON object: View
Redhat Information
No data.