CVE-2021-41850

An issue was discovered in Luna Simo PPR1.180610.011/202001031830. A pre-installed app with a package name of com.skyroam.silverhelper writes three IMEI values to system properties at system startup. The system property values can be obtained via getprop by all third-party applications co-located on the device, even those with no permissions granted, exposing the IMEI values to processes without enforcing any access control.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:bluproducts:g90_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:bluproducts:g90:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:bluproducts:g9_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:bluproducts:g9:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:wikomobile:tommy_3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:wikomobile:tommy_3:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:wikomobile:tommy_3_plus_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:wikomobile:tommy_3_plus:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:luna:simo_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:luna:simo:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-03-11 23:15

Updated : 2024-02-28 19:09


NVD link : CVE-2021-41850

Mitre link : CVE-2021-41850

CVE.ORG link : CVE-2021-41850


JSON object : View

Products Affected

bluproducts

  • g90_firmware
  • g9
  • g90
  • g9_firmware

wikomobile

  • tommy_3_plus_firmware
  • tommy_3
  • tommy_3_plus
  • tommy_3_firmware

luna

  • simo_firmware
  • simo
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor