CVE-2021-41850

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An issue was discovered in Luna Simo PPR1.180610.011/202001031830. A pre-installed app with a package name of com.skyroam.silverhelper writes three IMEI values to system properties at system startup. The system property values can be obtained via getprop by all third-party applications co-located on the device, even those with no permissions granted, exposing the IMEI values to processes without enforcing any access control.

Se ha detectado un problema en Luna Simo versión PPR1.180610.011/202001031830. Una aplicación preinstalada con el nombre de paquete com.skyroam.silverhelper escribe tres valores de IMEI en las propiedades del sistema al iniciarse éste. Los valores de las propiedades del sistema pueden ser obtenidos por medio de getprop por todas las aplicaciones de terceros ubicadas en el dispositivo, incluso las que no presentan permisos concedidos, exponiendo los valores de IMEI a procesos sin aplicar ningún control de acceso

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-10-01 CVE Reserved
2022-03-11 CVE Published
2024-06-02 EPSS Updated
2024-08-04 CVE Updated
2024-08-04 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CAPEC

References (4)

URL	Tag	Source
https://athack.com/session-details/401	Third Party Advisory
https://www.kryptowire.com/android-firmware-2022	Broken Link

URL	Date	SRC
https://www.kryptowire.com/blog/vsim-vulnerability-within-simo-android-phones-exposed	2024-08-04

URL	Date	SRC

URL	Date	SRC
https://simowireless.com	2022-07-12

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Bluproducts Search vendor "Bluproducts"	G90 Firmware Search vendor "Bluproducts" for product "G90 Firmware"	-	-	Affected	in	Bluproducts Search vendor "Bluproducts"	G90 Search vendor "Bluproducts" for product "G90"	-	-	Safe
Bluproducts Search vendor "Bluproducts"	G9 Firmware Search vendor "Bluproducts" for product "G9 Firmware"	-	-	Affected	in	Bluproducts Search vendor "Bluproducts"	G9 Search vendor "Bluproducts" for product "G9"	-	-	Safe
Wikomobile Search vendor "Wikomobile"	Tommy 3 Firmware Search vendor "Wikomobile" for product "Tommy 3 Firmware"	-	-	Affected	in	Wikomobile Search vendor "Wikomobile"	Tommy 3 Search vendor "Wikomobile" for product "Tommy 3"	-	-	Safe
Wikomobile Search vendor "Wikomobile"	Tommy 3 Plus Firmware Search vendor "Wikomobile" for product "Tommy 3 Plus Firmware"	-	-	Affected	in	Wikomobile Search vendor "Wikomobile"	Tommy 3 Plus Search vendor "Wikomobile" for product "Tommy 3 Plus"	-	-	Safe
Luna Search vendor "Luna"	Simo Firmware Search vendor "Luna" for product "Simo Firmware"	-	-	Affected	in	Luna Search vendor "Luna"	Simo Search vendor "Luna" for product "Simo"	-	-	Safe