Vulnerability Details CVE-2021-41850
An issue was discovered in Luna Simo PPR1.180610.011/202001031830. A pre-installed app with a package name of com.skyroam.silverhelper writes three IMEI values to system properties at system startup. The system property values can be obtained via getprop by all third-party applications co-located on the device, even those with no permissions granted, exposing the IMEI values to processes without enforcing any access control.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 36.3%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
References
- https://athack.com/session-details/401
- https://simowireless.com/
- https://www.kryptowire.com/android-firmware-2022/
- https://www.kryptowire.com/blog/vsim-vulnerability-within-simo-android-phones-exposed/
- https://athack.com/session-details/401
- https://simowireless.com/
- https://www.kryptowire.com/android-firmware-2022/
- https://www.kryptowire.com/blog/vsim-vulnerability-within-simo-android-phones-exposed/
Products affected by CVE-2021-41850
-
cpe:2.3:h:bluproducts:g90:-
-
cpe:2.3:h:bluproducts:g9:-
-
cpe:2.3:h:luna:simo:-
-
cpe:2.3:h:wikomobile:tommy_3:-
-
cpe:2.3:h:wikomobile:tommy_3_plus:-
-
cpe:2.3:o:bluproducts:g90_firmware:-
-
cpe:2.3:o:bluproducts:g9_firmware:-
-
cpe:2.3:o:luna:simo_firmware:-
-
cpe:2.3:o:wikomobile:tommy_3_firmware:-
-
cpe:2.3:o:wikomobile:tommy_3_plus_firmware:-