5 matches found
Improper access control
An issue was discovered in Luna Simo PPR1.180610.011/202001031830. A pre-installed app with a package name of com.skyroam.silverhelper writes three IMEI values to system properties at system startup. The system property values can be obtained via getprop by all third-party applications co-located...
CVE-2021-41848
An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It mishandles software updates such that local third-party apps can provide a spoofed software update file that contains an arbitrary shell script and arbitrary ARM binary, where both will be executed as the root user with an...
CVE-2021-41848
The CVE-2021-41848 issue affects Luna Simo PPR1.180610.011/202001031830. An attacker with local write access to external storage can supply a spoofed update file containing a shell script and an ARM binary. If processed by /system/bin/osi_bin, this payload can run with the osi SELinux domain as r...
CVE-2021-41849
The CVE-2021-41849 entry concerns Luna Simo PPR1.180610.011/202001031830, where PII (installed apps list, IMEI) is transmitted in plaintext over HTTP to log.skyroam.com.cn, independent of Simo usage. This is documented across multiple sources (NVD/Red Hat PRION/PR-ION PT-Security) and confirmed b...
Luna Simo 安全漏洞
Luna Simo is a smartphone from the Korean company Luna. A security vulnerability exists in Luna Simo PPR1.180610.011/202001031830. The vulnerability stems from the fact that it uses HTTP to send the following personally identifiable information PII in clear text to a server in China...