3 matches found
CVE-2021-41850
CVE-2021-41850 affects Luna Simo devices (e.g., PPR1.180610.011/202001031830). A pre-installed app with package name com.skyroam.silverhelper writes three IMEI values to system properties at startup, which can be read via getprop by any co-located third-party app, even without permissions. This c...
CVE-2021-41848
The CVE-2021-41848 issue affects Luna Simo PPR1.180610.011/202001031830. An attacker with local write access to external storage can supply a spoofed update file containing a shell script and an ARM binary. If processed by /system/bin/osi_bin, this payload can run with the osi SELinux domain as r...
CVE-2021-41849
The CVE-2021-41849 entry concerns Luna Simo PPR1.180610.011/202001031830, where PII (installed apps list, IMEI) is transmitted in plaintext over HTTP to log.skyroam.com.cn, independent of Simo usage. This is documented across multiple sources (NVD/Red Hat PRION/PR-ION PT-Security) and confirmed b...