CVE-2021-41849

Published: 11/03/2022 Updated: 08/08/2023

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

An issue exists in Luna Simo PPR1.180610.011/202001031830. It sends the following Personally Identifiable Information (PII) in plaintext using HTTP to servers located in China: user's list of installed apps and device International Mobile Equipment Identity (IMEI). This PII is transmitted to log.skyroam.com.cn using HTTP, independent of whether the user uses the Simo software.

Vulnerable Product	Search on Vulmon	Subscribe to Product
bluproducts g90 firmware -
bluproducts g9 firmware -
wikomobile tommy 3 firmware -
wikomobile tommy 3 plus firmware -
luna simo firmware -

CWE-200 CWE-319 https://athack.com/session-details/401 https://www.kryptowire.com/android-firmware-2022/https://simowireless.com/https://www.kryptowire.com/blog/vsim-vulnerability-within-simo-android-phones-exposed/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-41849

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect