CVE-2021-41850

An issue was discovered in Luna Simo PPR1.180610.011/202001031830. A pre-installed app with a package name of com.skyroam.silverhelper writes three IMEI values to system properties at system startup. The system property values can be obtained via getprop by all third-party applications co-located on the device, even those with no permissions granted, exposing the IMEI values to processes without enforcing any access control.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:bluproducts:g90_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:bluproducts:g90:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:bluproducts:g9_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:bluproducts:g9:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:wikomobile:tommy_3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:wikomobile:tommy_3:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:wikomobile:tommy_3_plus_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:wikomobile:tommy_3_plus:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:luna:simo_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:luna:simo:-:*:*:*:*:*:*:*

Information

Published : 2022-03-11 15:15

Updated : 2022-07-12 10:42


NVD link : CVE-2021-41850

Mitre link : CVE-2021-41850


JSON object : View

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Advertisement

dedicated server usa

Products Affected

wikomobile

  • tommy_3
  • tommy_3_firmware
  • tommy_3_plus
  • tommy_3_plus_firmware

bluproducts

  • g90_firmware
  • g9_firmware
  • g9
  • g90

luna

  • simo_firmware
  • simo