An issue was discovered in Luna Simo PPR1.180610.011/202001031830. A pre-installed app with a package name of com.skyroam.silverhelper writes three IMEI values to system properties at system startup. The system property values can be obtained via getprop by all third-party applications co-located on the device, even those with no permissions granted, exposing the IMEI values to processes without enforcing any access control.
References
Link | Resource |
---|---|
https://athack.com/session-details/401 | Third Party Advisory |
https://simowireless.com/ | Vendor Advisory |
https://www.kryptowire.com/android-firmware-2022/ | Broken Link |
https://www.kryptowire.com/blog/vsim-vulnerability-within-simo-android-phones-exposed/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-03-11T22:17:28
Updated: 2022-03-11T22:17:28
Reserved: 2021-10-01T00:00:00
Link: CVE-2021-41850
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-03-11T23:15:09.277
Modified: 2022-07-12T17:42:04.277
Link: CVE-2021-41850
JSON object: View
Redhat Information
No data.
CWE