Multiple vulnerabilities in Unisoc chipsets
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 12 |
| CVE-ID | CVE-2022-20440 CVE-2022-20439 CVE-2022-20438 CVE-2022-20437 CVE-2022-20436 CVE-2022-20435 CVE-2022-20434 CVE-2022-20433 CVE-2022-20432 CVE-2022-20431 CVE-2022-20430 CVE-2022-39119 |
| CWE-ID | CWE-264 CWE-862 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
S8000 Mobile applications / Mobile firmware & hardware T820 Mobile applications / Mobile firmware & hardware T770 Mobile applications / Mobile firmware & hardware T616 Mobile applications / Mobile firmware & hardware T612 Mobile applications / Mobile firmware & hardware T618 Mobile applications / Mobile firmware & hardware T760 Mobile applications / Mobile firmware & hardware T606 Mobile applications / Mobile firmware & hardware T310 Mobile applications / Mobile firmware & hardware T610 Mobile applications / Mobile firmware & hardware SC7731E Mobile applications / Mobile firmware & hardware SC9832E Mobile applications / Mobile firmware & hardware SC9863A Mobile applications / Mobile firmware & hardware |
| Vendor | UNISOC |
Security Bulletin
This security bulletin contains information about 12 vulnerabilities.
1) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU67885
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20440
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in UNISOC component. A local application can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsS8000: All versions
T820: All versions
T770: All versions
T616: All versions
T612: All versions
T618: All versions
T760: All versions
T606: All versions
T310: All versions
T610: All versions
SC7731E: All versions
SC9832E: All versions
SC9863A: All versions
CPE2.3- cpe:2.3:a:unisoc:s8000:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t820:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t770:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t616:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t612:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t618:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t760:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t606:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t310:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t610:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc7731e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9832e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9863a:*:*:*:*:*:*:*:*
https://www.unisoc.com/en_us/secy/announcementDetail/1567706764592349186
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU67884
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20439
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in UNISOC component. A local application can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsS8000: All versions
T820: All versions
T770: All versions
T616: All versions
T612: All versions
T618: All versions
T760: All versions
T606: All versions
T310: All versions
T610: All versions
SC7731E: All versions
SC9832E: All versions
SC9863A: All versions
CPE2.3- cpe:2.3:a:unisoc:s8000:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t820:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t770:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t616:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t612:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t618:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t760:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t606:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t310:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t610:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc7731e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9832e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9863a:*:*:*:*:*:*:*:*
https://www.unisoc.com/en_us/secy/announcementDetail/1567706764592349186
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU67883
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20438
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in UNISOC component. A local application can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsS8000: All versions
T820: All versions
T770: All versions
T616: All versions
T612: All versions
T618: All versions
T760: All versions
T606: All versions
T310: All versions
T610: All versions
SC7731E: All versions
SC9832E: All versions
SC9863A: All versions
CPE2.3- cpe:2.3:a:unisoc:s8000:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t820:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t770:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t616:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t612:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t618:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t760:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t606:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t310:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t610:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc7731e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9832e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9863a:*:*:*:*:*:*:*:*
https://www.unisoc.com/en_us/secy/announcementDetail/1567706764592349186
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU67882
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20437
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in UNISOC component. A local application can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsS8000: All versions
T820: All versions
T770: All versions
T616: All versions
T612: All versions
T618: All versions
T760: All versions
T606: All versions
T310: All versions
T610: All versions
SC7731E: All versions
SC9832E: All versions
SC9863A: All versions
CPE2.3- cpe:2.3:a:unisoc:s8000:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t820:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t770:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t616:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t612:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t618:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t760:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t606:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t310:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t610:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc7731e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9832e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9863a:*:*:*:*:*:*:*:*
https://www.unisoc.com/en_us/secy/announcementDetail/1567706764592349186
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU67881
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20436
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in UNISOC component. A local application can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsS8000: All versions
T820: All versions
T770: All versions
T616: All versions
T612: All versions
T618: All versions
T760: All versions
T606: All versions
T310: All versions
T610: All versions
SC7731E: All versions
SC9832E: All versions
SC9863A: All versions
CPE2.3- cpe:2.3:a:unisoc:s8000:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t820:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t770:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t616:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t612:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t618:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t760:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t606:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t310:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t610:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc7731e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9832e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9863a:*:*:*:*:*:*:*:*
https://www.unisoc.com/en_us/secy/announcementDetail/1567706764592349186
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU67879
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20435
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in UNISOC component. A local application can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsS8000: All versions
T820: All versions
T770: All versions
T616: All versions
T612: All versions
T618: All versions
T760: All versions
T606: All versions
T310: All versions
T610: All versions
SC7731E: All versions
SC9832E: All versions
SC9863A: All versions
CPE2.3- cpe:2.3:a:unisoc:s8000:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t820:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t770:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t616:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t612:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t618:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t760:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t606:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t310:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t610:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc7731e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9832e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9863a:*:*:*:*:*:*:*:*
https://www.unisoc.com/en_us/secy/announcementDetail/1567706764592349186
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU67878
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20434
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in UNISOC Telephony component. A local application can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsS8000: All versions
T820: All versions
T770: All versions
T616: All versions
T612: All versions
T618: All versions
T760: All versions
T606: All versions
T310: All versions
T610: All versions
SC7731E: All versions
SC9832E: All versions
SC9863A: All versions
CPE2.3- cpe:2.3:a:unisoc:s8000:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t820:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t770:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t616:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t612:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t618:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t760:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t606:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t310:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t610:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc7731e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9832e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9863a:*:*:*:*:*:*:*:*
https://www.unisoc.com/en_us/secy/announcementDetail/1567706764592349186
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU67877
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20433
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in UNISOC Telephony component. A local application can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsS8000: All versions
T820: All versions
T770: All versions
T616: All versions
T612: All versions
T618: All versions
T760: All versions
T606: All versions
T310: All versions
T610: All versions
SC7731E: All versions
SC9832E: All versions
SC9863A: All versions
CPE2.3- cpe:2.3:a:unisoc:s8000:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t820:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t770:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t616:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t612:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t618:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t760:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t606:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t310:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t610:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc7731e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9832e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9863a:*:*:*:*:*:*:*:*
https://www.unisoc.com/en_us/secy/announcementDetail/1567706764592349186
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU67876
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20432
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in UNISOC Telephony component. A local application can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsS8000: All versions
T820: All versions
T770: All versions
T616: All versions
T612: All versions
T618: All versions
T760: All versions
T606: All versions
T310: All versions
T610: All versions
SC7731E: All versions
SC9832E: All versions
SC9863A: All versions
CPE2.3- cpe:2.3:a:unisoc:s8000:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t820:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t770:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t616:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t612:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t618:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t760:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t606:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t310:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t610:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc7731e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9832e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9863a:*:*:*:*:*:*:*:*
https://www.unisoc.com/en_us/secy/announcementDetail/1567706764592349186
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU67875
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20431
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in UNISOC Telephony component. A local application can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsS8000: All versions
T820: All versions
T770: All versions
T616: All versions
T612: All versions
T618: All versions
T760: All versions
T606: All versions
T310: All versions
T610: All versions
SC7731E: All versions
SC9832E: All versions
SC9863A: All versions
CPE2.3- cpe:2.3:a:unisoc:s8000:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t820:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t770:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t616:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t612:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t618:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t760:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t606:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t310:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t610:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc7731e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9832e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9863a:*:*:*:*:*:*:*:*
https://www.unisoc.com/en_us/secy/announcementDetail/1567706764592349186
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU67874
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20430
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in UNISOC Telephony component. A local application can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsS8000: All versions
T820: All versions
T770: All versions
T616: All versions
T612: All versions
T618: All versions
T760: All versions
T606: All versions
T310: All versions
T610: All versions
SC7731E: All versions
SC9832E: All versions
SC9863A: All versions
CPE2.3- cpe:2.3:a:unisoc:s8000:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t820:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t770:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t616:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t612:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t618:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t760:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t606:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t310:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t610:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc7731e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9832e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9863a:*:*:*:*:*:*:*:*
https://www.unisoc.com/en_us/secy/announcementDetail/1567706764592349186
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Missing Authorization
EUVDB-ID: #VU70872
Risk: Low
CVSSv4.0: 2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-39119
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to aIn network service within the network service in Android. A local privileged application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsS8000: All versions
T820: All versions
T770: All versions
T616: All versions
T612: All versions
T618: All versions
T760: All versions
T606: All versions
T310: All versions
T610: All versions
SC7731E: All versions
SC9832E: All versions
SC9863A: All versions
CPE2.3- cpe:2.3:a:unisoc:s8000:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t820:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t770:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t616:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t612:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t618:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t760:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t606:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t310:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t610:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc7731e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9832e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9863a:*:*:*:*:*:*:*:*
https://www.unisoc.com/en_us/secy/announcementDetail/1567706764592349186
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
