CVE-2021-41849

An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It sends the following Personally Identifiable Information (PII) in plaintext using HTTP to servers located in China: user's list of installed apps and device International Mobile Equipment Identity (IMEI). This PII is transmitted to log.skyroam.com.cn using HTTP, independent of whether the user uses the Simo software.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 7%
VendorProductVersion
bluproductsg90_firmware
-
bluproductsg9_firmware
-
wikomobiletommy_3_firmware
-
wikomobiletommy_3_plus_firmware
-
lunasimo_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://athack.com/session-details/401
https://simowireless.com/
https://www.kryptowire.com/android-firmware-2022/
https://www.kryptowire.com/blog/vsim-vulnerability-within-simo-android-phones-exposed/
https://athack.com/session-details/401
https://simowireless.com/
https://www.kryptowire.com/android-firmware-2022/
https://www.kryptowire.com/blog/vsim-vulnerability-within-simo-android-phones-exposed/