Note:
This project will be discontinued after December 13, 2021. [more]
Product:
G9_firmware
(Bluproducts)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 3 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-03-11 | CVE-2021-41848 | An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It mishandles software updates such that local third-party apps can provide a spoofed software update file that contains an arbitrary shell script and arbitrary ARM binary, where both will be executed as the root user with an SELinux domain named osi. To exploit this vulnerability, a local third-party app needs to have write access to external storage to write the spoofed update at the expected path. The vulnerable system... | G90_firmware, G9_firmware, Simo_firmware, Tommy_3_firmware, Tommy_3_plus_firmware | 7.8 | ||
| 2022-03-11 | CVE-2021-41849 | An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It sends the following Personally Identifiable Information (PII) in plaintext using HTTP to servers located in China: user's list of installed apps and device International Mobile Equipment Identity (IMEI). This PII is transmitted to log.skyroam.com.cn using HTTP, independent of whether the user uses the Simo software. | G90_firmware, G9_firmware, Simo_firmware, Tommy_3_firmware, Tommy_3_plus_firmware | 5.5 | ||
| 2022-03-11 | CVE-2021-41850 | An issue was discovered in Luna Simo PPR1.180610.011/202001031830. A pre-installed app with a package name of com.skyroam.silverhelper writes three IMEI values to system properties at system startup. The system property values can be obtained via getprop by all third-party applications co-located on the device, even those with no permissions granted, exposing the IMEI values to processes without enforcing any access control. | G90_firmware, G9_firmware, Simo_firmware, Tommy_3_firmware, Tommy_3_plus_firmware | 7.8 |