Lucene search
HistoryOct 30, 2023 - 5:15 p.m.
CVE-2021-39810
nfc
contactless payment
permission check
local privilege escalation
exploitation
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0
Percentile
5.1%
In NFC, there is a possible way to setup a default contactless payment app without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected configurations
Node
googleandroidRange<14.0
ORgoogleandroidMatch14.0
Related
prion
prion
Default credentials
2023-10-30 17:15:00
cvelist
cvelist
CVE-2021-39810
2023-10-30 16:18:53
cve
cve
CVE-2021-39810
2023-10-30 17:15:47
vulnrichment
vulnrichment
CVE-2021-39810
2023-10-30 16:18:53
cnvd
cnvd
Google Android elevation of privilege vulnerability (CNVD-2023-96079)
2023-11-01 00:00:00
androidsecurity
androidsecurity
Android 14 Security Release Notes
2023-10-04 00:00:00
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0
Percentile
5.1%
Related for NVD:CVE-2021-39810