CVE-2020-5571

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

SHARP AQUOS series (AQUOS SH-M02 build number 01.00.05 and earlier, AQUOS SH-RM02 build number 01.00.04 and earlier, AQUOS mini SH-M03 build number 01.00.04 and earlier, AQUOS Keitai SH-N01 build number 01.00.01 and earlier, AQUOS L2 (UQ mobile/J:COM) build number 01.00.05 and earlier, AQUOS sense lite SH-M05 build number 03.00.04 and earlier, AQUOS sense (UQ mobile) build number 03.00.03 and earlier, AQUOS compact SH-M06 build number 02.00.02 and earlier, AQUOS sense plus SH-M07 build number 02.00.02 and earlier, AQUOS sense2 SH-M08 build number 02.00.05 and earlier, and AQUOS sense2 (UQ mobile) build number 02.00.06 and earlier) allow an attacker to obtain the sensitive information of the device via malicious applications installed on the device.

La serie SHARP AQUOS (AQUOS SH-M02 AQUOS SH-M02 número de compilación 01.00.05 y anteriores, AQUOS SH-RM02 número de compilación 01.00.04 y anteriores, AQUOS mini SH-M03 número de compilación 01.00.04 y anteriores, AQUOS Keitai número de compilación SH-N01 01.00. 01 y anteriores, AQUOS L2 (UQ mobile/J:COM) número de compilación 01.00.05 y anteriores, AQUOS sense lite SH-M05 número de compilación 03.00.04 y anteriores, AQUOS sense (UQ mobile) número de compilación 03.00.03 y anteriores, AQUOS compact SH-M06 número de compilación 02.00.02 y anteriores, AQUOS sense plus SH-M07 número de compilación 02.00.02 y anteriores, AQUOS sense2 SH-M08 número de compilación 02.00.05 y anteriores, y AQUOS sense2 (UQ mobile) número de compilación 02.00 .06 y anteriores), permiten a un atacante obtener información confidencial del dispositivo por medio de aplicaciones maliciosas instaladas en el dispositivo.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-01-06 CVE Reserved
2020-04-23 CVE Published
2023-03-07 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CAPEC

References (2)

URL	Tag	Source
https://jvn.jp/en/jp/JVN93064451/index.html	Third Party Advisory
https://k-tai.sharp.co.jp/support/info/info036.html	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Sharp Search vendor "Sharp"	Aquos Sh-m02 Firmware Search vendor "Sharp" for product "Aquos Sh-m02 Firmware"	<= 01.00.05 Search vendor "Sharp" for product "Aquos Sh-m02 Firmware" and version " <= 01.00.05"	-	Affected	in	Sharp Search vendor "Sharp"	Aquos Sh-m02 Search vendor "Sharp" for product "Aquos Sh-m02"	-	-	Safe
Sharp Search vendor "Sharp"	Aquos Sh-rm02 Firmware Search vendor "Sharp" for product "Aquos Sh-rm02 Firmware"	<= 01.00.04 Search vendor "Sharp" for product "Aquos Sh-rm02 Firmware" and version " <= 01.00.04"	-	Affected	in	Sharp Search vendor "Sharp"	Aquos Sh-rm02 Search vendor "Sharp" for product "Aquos Sh-rm02"	-	-	Safe
Sharp Search vendor "Sharp"	Aquos Mini Sh-m03 Firmware Search vendor "Sharp" for product "Aquos Mini Sh-m03 Firmware"	<= 01.00.04 Search vendor "Sharp" for product "Aquos Mini Sh-m03 Firmware" and version " <= 01.00.04"	-	Affected	in	Sharp Search vendor "Sharp"	Aquos Mini Sh-m03 Search vendor "Sharp" for product "Aquos Mini Sh-m03"	-	-	Safe
Sharp Search vendor "Sharp"	Aquos Mini Sh-m03 Firmware Search vendor "Sharp" for product "Aquos Mini Sh-m03 Firmware"	<= 01.00.01 Search vendor "Sharp" for product "Aquos Mini Sh-m03 Firmware" and version " <= 01.00.01"	-	Affected	in	Sharp Search vendor "Sharp"	Aquos Mini Sh-m03 Search vendor "Sharp" for product "Aquos Mini Sh-m03"	-	-	Safe
Sharp Search vendor "Sharp"	Aquos L2 Firmware Search vendor "Sharp" for product "Aquos L2 Firmware"	<= 01.00.05 Search vendor "Sharp" for product "Aquos L2 Firmware" and version " <= 01.00.05"	-	Affected	in	Sharp Search vendor "Sharp"	Aquos L2 Search vendor "Sharp" for product "Aquos L2"	-	-	Safe
Sharp Search vendor "Sharp"	Aquos Sense Lite Sh-m05 Firmware Search vendor "Sharp" for product "Aquos Sense Lite Sh-m05 Firmware"	<= 03.00.04 Search vendor "Sharp" for product "Aquos Sense Lite Sh-m05 Firmware" and version " <= 03.00.04"	-	Affected	in	Sharp Search vendor "Sharp"	Aquos Sense Lite Sh-m05 Search vendor "Sharp" for product "Aquos Sense Lite Sh-m05"	-	-	Safe
Sharp Search vendor "Sharp"	Aquos Sense Firmware Search vendor "Sharp" for product "Aquos Sense Firmware"	<= 03.00.03 Search vendor "Sharp" for product "Aquos Sense Firmware" and version " <= 03.00.03"	-	Affected	in	Sharp Search vendor "Sharp"	Aquos Sense Search vendor "Sharp" for product "Aquos Sense"	-	-	Safe
Sharp Search vendor "Sharp"	Aquos Compact Sh-m06 Firmware Search vendor "Sharp" for product "Aquos Compact Sh-m06 Firmware"	<= 02.00.02 Search vendor "Sharp" for product "Aquos Compact Sh-m06 Firmware" and version " <= 02.00.02"	-	Affected	in	Sharp Search vendor "Sharp"	Aquos Compact Sh-m06 Search vendor "Sharp" for product "Aquos Compact Sh-m06"	-	-	Safe
Sharp Search vendor "Sharp"	Aquos Sense Plus Sh-m07 Firmware Search vendor "Sharp" for product "Aquos Sense Plus Sh-m07 Firmware"	<= 0.2.00.02 Search vendor "Sharp" for product "Aquos Sense Plus Sh-m07 Firmware" and version " <= 0.2.00.02"	-	Affected	in	Sharp Search vendor "Sharp"	Aquos Sense Plus Sh-m07 Search vendor "Sharp" for product "Aquos Sense Plus Sh-m07"	-	-	Safe
Sharp Search vendor "Sharp"	Aquos Sense2 Sh-m08 Firmware Search vendor "Sharp" for product "Aquos Sense2 Sh-m08 Firmware"	<= 02.00.05 Search vendor "Sharp" for product "Aquos Sense2 Sh-m08 Firmware" and version " <= 02.00.05"	-	Affected	in	Sharp Search vendor "Sharp"	Aquos Sense2 Sh-m08 Search vendor "Sharp" for product "Aquos Sense2 Sh-m08"	-	-	Safe
Sharp Search vendor "Sharp"	Aquos Sense2 Firmware Search vendor "Sharp" for product "Aquos Sense2 Firmware"	<= 02.00.06 Search vendor "Sharp" for product "Aquos Sense2 Firmware" and version " <= 02.00.06"	-	Affected	in	Sharp Search vendor "Sharp"	Aquos Sense2 Search vendor "Sharp" for product "Aquos Sense2"	-	-	Safe