CVE-2021-41849
https://notcve.org/view.php?id=CVE-2021-41849
An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It sends the following Personally Identifiable Information (PII) in plaintext using HTTP to servers located in China: user's list of installed apps and device International Mobile Equipment Identity (IMEI). This PII is transmitted to log.skyroam.com.cn using HTTP, independent of whether the user uses the Simo software. Se ha detectado un problema en Luna Simo versión PPR1.180610.011/202001031830. Envía la siguiente Información de Identificación Personal (PII) en texto plano usando HTTP a servidores ubicados en China: la lista de aplicaciones instaladas por el usuario y la identidad internacional de equipo móvil (IMEI) del dispositivo. • https://athack.com/session-details/401 https://simowireless.com https://www.kryptowire.com/android-firmware-2022 https://www.kryptowire.com/blog/vsim-vulnerability-within-simo-android-phones-exposed • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2021-41848
https://notcve.org/view.php?id=CVE-2021-41848
An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It mishandles software updates such that local third-party apps can provide a spoofed software update file that contains an arbitrary shell script and arbitrary ARM binary, where both will be executed as the root user with an SELinux domain named osi. To exploit this vulnerability, a local third-party app needs to have write access to external storage to write the spoofed update at the expected path. The vulnerable system binary (i.e., /system/bin/osi_bin) does not perform any authentication of the update file beyond ensuring that it is encrypted with an AES key (that is hard-coded in the vulnerable system binary). Processes executing with the osi SELinux domain can programmatically perform the following actions: install apps, grant runtime permissions to apps (including permissions with protection levels of dangerous and development), access extensive Personally Identifiable Information (PII) using the programmatically grant permissions, uninstall apps, set the default launcher app to a malicious launcher app that spoofs other apps, set a network proxy to intercept network traffic, unload kernel modules, set the default keyboard to a keyboard that has keylogging functionality, examine notification contents, send text messages, and more. • https://athack.com/session-details/401 https://simowireless.com https://www.kryptowire.com/android-firmware-2022 https://www.kryptowire.com/blog/vsim-vulnerability-within-simo-android-phones-exposed • CWE-798: Use of Hard-coded Credentials •
CVE-2021-41850
https://notcve.org/view.php?id=CVE-2021-41850
An issue was discovered in Luna Simo PPR1.180610.011/202001031830. A pre-installed app with a package name of com.skyroam.silverhelper writes three IMEI values to system properties at system startup. The system property values can be obtained via getprop by all third-party applications co-located on the device, even those with no permissions granted, exposing the IMEI values to processes without enforcing any access control. Se ha detectado un problema en Luna Simo versión PPR1.180610.011/202001031830. Una aplicación preinstalada con el nombre de paquete com.skyroam.silverhelper escribe tres valores de IMEI en las propiedades del sistema al iniciarse éste. • https://athack.com/session-details/401 https://simowireless.com https://www.kryptowire.com/android-firmware-2022 https://www.kryptowire.com/blog/vsim-vulnerability-within-simo-android-phones-exposed • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •