Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2020-5571 |
CWE-ID | CWE-200 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software |
AQUOS SH-M02 Client/Desktop applications / Multimedia software AQUOS SH-RM02 Client/Desktop applications / Multimedia software AQUOS mini SH-M03 Client/Desktop applications / Multimedia software AQUOS Keitai SH-N01 Client/Desktop applications / Multimedia software AQUOS L2 (UQ mobile/J:COM) Client/Desktop applications / Multimedia software AQUOS sense lite SH-M05 Client/Desktop applications / Multimedia software AQUOS sense (UQ mobile) Client/Desktop applications / Multimedia software AQUOS compact SH-M06 Client/Desktop applications / Multimedia software AQUOS sense plus SH-M07 Client/Desktop applications / Multimedia software AQUOS sense2 SH-M08 Client/Desktop applications / Multimedia software AQUOS sense2 (UQ mobile) Client/Desktop applications / Multimedia software |
Vendor | Sharp Corporation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU27241
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-5571
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain access to potentially sensitive information.
The vulnerability exists due to information disclosure issue in multiple SHARP Android devices. A local attacker can trick a victim to install a malicious appllication and gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAQUOS SH-M02: 01.00.05
AQUOS SH-RM02: 01.00.04
AQUOS mini SH-M03: 01.00.04
AQUOS Keitai SH-N01: 01.00.01
AQUOS L2 (UQ mobile/J:COM): 01.00.05
AQUOS sense lite SH-M05: 03.00.04
AQUOS sense (UQ mobile): 03.00.03
AQUOS compact SH-M06: 02.00.02
AQUOS sense plus SH-M07: 02.00.02
AQUOS sense2 SH-M08: 02.00.05
AQUOS sense2 (UQ mobile): 02.00.06
CPE2.3http://jvn.jp/en/jp/JVN93064451/index.html
http://k-tai.sharp.co.jp/support/info/info036.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.