Multiple vulnerabilities in Unisoc chipsets

1) Buffer over-read

EUVDB-ID: #VU70823

Risk: Medium

CVSSv3.1: 6.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42768

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8013: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Missing Authorization

EUVDB-ID: #VU70813

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-39094

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to manipulate data.

The vulnerability exists due to a missing permission check within the power management service in Android. A remote attacker can trick the victim to open a specially crafted file and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Missing Authorization

EUVDB-ID: #VU70814

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-39093

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to manipulate data.

The vulnerability exists due to a missing permission check within the power management service in Android. A remote attacker can trick the victim to open a specially crafted file and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Missing Authorization

EUVDB-ID: #VU70815

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-39091

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to manipulate data.

The vulnerability exists due to a missing permission check within the power management service in Android. A remote attacker can trick the victim to open a specially crafted file and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Missing Authorization

EUVDB-ID: #VU70816

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-39092

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to manipulate data.

The vulnerability exists due to a missing permission check within the power management service in Android. A remote attacker can trick the victim to open a specially crafted file and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Missing Authorization

EUVDB-ID: #VU70817

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-39090

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to manipulate data.

The vulnerability exists due to a missing permission check within the power management service in Android. A remote attacker can trick the victim to open a specially crafted file and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Missing Authorization

EUVDB-ID: #VU70818

Risk: Low

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42776

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to read and manipulate data.

The vulnerability exists due to a missing permission check within the UscAIEngine service in Android. A remote attacker can trick the victim to open a specially crafted file and read and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Missing Authorization

EUVDB-ID: #VU70819

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42778

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a missing permission check within the Android. A remote attacker can trick the victim to open a specially crafted file and gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Buffer over-read

EUVDB-ID: #VU70820

Risk: Medium

CVSSv3.1: 6.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42759

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8017: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Buffer over-read

EUVDB-ID: #VU70821

Risk: Medium

CVSSv3.1: 6.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42758

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8016: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Buffer over-read

EUVDB-ID: #VU70822

Risk: Medium

CVSSv3.1: 6.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42757

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8015: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Integer overflow

EUVDB-ID: #VU70824

Risk: Medium

CVSSv3.1: 6.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42767

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8012: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Missing Authorization

EUVDB-ID: #VU70811

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-39096

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to manipulate data.

The vulnerability exists due to a missing permission check within the power management service in Android. A remote attacker can trick the victim to open a specially crafted file and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Information Exposure

EUVDB-ID: #VU70825

Risk: Medium

CVSSv3.1: 6.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42766

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to read, manipulate or delete data.

The vulnerability exists due to a possible missing permission check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8011: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Integer overflow

EUVDB-ID: #VU70826

Risk: Medium

CVSSv3.1: 6.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42765

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8010: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Integer overflow

EUVDB-ID: #VU70827

Risk: Medium

CVSSv3.1: 6.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42764

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8009: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Integer overflow

EUVDB-ID: #VU70828

Risk: Medium

CVSSv3.1: 6.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42763

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8008: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Information Exposure

EUVDB-ID: #VU70829

Risk: Medium

CVSSv3.1: 6.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42782

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to read, manipulate or delete data.

The vulnerability exists due to a possible missing permission check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8007: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Buffer over-read

EUVDB-ID: #VU70830

Risk: Medium

CVSSv3.1: 6.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42781

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8006: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Buffer over-read

EUVDB-ID: #VU70831

Risk: Medium

CVSSv3.1: 6.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42780

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8005: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Buffer over-read

EUVDB-ID: #VU70832

Risk: Medium

CVSSv3.1: 6.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42762

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8004: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Buffer over-read

EUVDB-ID: #VU70833

Risk: Medium

CVSSv3.1: 6.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42779

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8003: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Buffer over-read

EUVDB-ID: #VU70834

Risk: Medium

CVSSv3.1: 6.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42774

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8002: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Missing Authorization

EUVDB-ID: #VU70812

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-39095

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to manipulate data.

The vulnerability exists due to a missing permission check within the power management service in Android. A remote attacker can trick the victim to open a specially crafted file and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Missing Authorization

EUVDB-ID: #VU70810

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-39097

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to manipulate data.

The vulnerability exists due to a missing permission check within the power management service in Android. A remote attacker can trick the victim to open a specially crafted file and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Buffer overflow

EUVDB-ID: #VU70009

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-39131

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the camera driver. A local application can trigger memory corruption and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Out-of-bounds write

EUVDB-ID: #VU70017

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42755

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the wlan driver driver. A local application can trigger an out-of-bounds write and crash the kernel.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8023: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Race condition

EUVDB-ID: #VU70021

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42771

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the wlan driver. A local application can exploit the race and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8020: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Race condition

EUVDB-ID: #VU70019

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42770

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the wlan driver. A local application can exploit the race and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8019: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Improper Restriction of Operations within the Bounds of a Memory Buffer

EUVDB-ID: #VU70799

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42775

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to damange or delete data.

The vulnerability exists due to a possible memory corruption due to improper locking within the camera driver in Kernel. A local application can damange or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Buffer overflow

EUVDB-ID: #VU70018

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42756

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the sensor driver. A local application can trigger memory corruption and crash the kernel.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Use-after-free

EUVDB-ID: #VU70016

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42754

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the npu driver. A local application can trigger a use-after-free error and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Race condition

EUVDB-ID: #VU70015

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-39134

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the audio driver. A local local application can exploit the race to trigger a use-after-free and crash the kernel.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Improper locking

EUVDB-ID: #VU70010

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-39106

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service attack (DoS).

The vulnerability exists due to improper locking error within the serviceIn sensor driver. A local application can trigger a deadlock and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Heap-based buffer overflow

EUVDB-ID: #VU70013

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-39132

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the camera driver. A local application can trigger a heap-based buffer overflow and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Out-of-bounds read

EUVDB-ID: #VU70023

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-39130

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the face detect driver. A local application can trigger an out-of-bounds read error and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Stack-based buffer overflow

EUVDB-ID: #VU70012

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-39129

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the face detect driver. A local application can trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Out-of-bounds write

EUVDB-ID: #VU70014

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-39133

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the wlan driver. A local application can trigger an out-of-bounds write and crash the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8022: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Missing Authorization

EUVDB-ID: #VU70809

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-39098

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to crash the entire system.

The vulnerability exists due to a missing permission check within the power management service in Android. A remote attacker can trick the victim to open a specially crafted file and crash the entire system.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Out-of-bounds write

EUVDB-ID: #VU70022

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42772

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the wlan driver. A local application can trigger an out-of-bounds write and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8021: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Buffer overflow

EUVDB-ID: #VU70800

Risk: Medium

CVSSv3.1: 6.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42760

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8018: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Out-of-bounds read

EUVDB-ID: #VU70801

Risk: Medium

CVSSv3.1: 6.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42769

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8014: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Out-of-bounds read

EUVDB-ID: #VU70802

Risk: Medium

CVSSv3.1: 6.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42773

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8001: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Out-of-bounds read

EUVDB-ID: #VU70803

Risk: Medium

CVSSv3.1: 6.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42761

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Missing Authorization

EUVDB-ID: #VU70804

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42777

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to read and manipulate data.

The vulnerability exists due to a missing permission check within the power management service in Android. A remote attacker can trick the victim to open a specially crafted file and read and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Missing Authorization

EUVDB-ID: #VU70805

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-39102

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to crash the entire system.

The vulnerability exists due to a missing permission check within the power management service in Android. A remote attacker can trick the victim to open a specially crafted file and crash the entire system.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Missing Authorization

EUVDB-ID: #VU70806

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-39101

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to crash the entire system.

The vulnerability exists due to a missing permission check within the power management service in Android. A remote attacker can trick the victim to open a specially crafted file and crash the entire system.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Missing Authorization

EUVDB-ID: #VU70807

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-39100

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to manipulate data.

The vulnerability exists due to a missing permission check within the power management service in Android. A remote attacker can trick the victim to open a specially crafted file and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Missing Authorization

EUVDB-ID: #VU70808

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-39099

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to manipulate data.

The vulnerability exists due to a missing permission check within the power management service in Android. A remote attacker can trick the victim to open a specially crafted file and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Risk	Medium
Patch available	YES
Number of vulnerabilities	49
CVE-ID	CVE-2022-42768 CVE-2022-39094 CVE-2022-39093 CVE-2022-39091 CVE-2022-39092 CVE-2022-39090 CVE-2022-42776 CVE-2022-42778 CVE-2022-42759 CVE-2022-42758 CVE-2022-42757 CVE-2022-42767 CVE-2022-39096 CVE-2022-42766 CVE-2022-42765 CVE-2022-42764 CVE-2022-42763 CVE-2022-42782 CVE-2022-42781 CVE-2022-42780 CVE-2022-42762 CVE-2022-42779 CVE-2022-42774 CVE-2022-39095 CVE-2022-39097 CVE-2022-39131 CVE-2022-42755 CVE-2022-42771 CVE-2022-42770 CVE-2022-42775 CVE-2022-42756 CVE-2022-42754 CVE-2022-39134 CVE-2022-39106 CVE-2022-39132 CVE-2022-39130 CVE-2022-39129 CVE-2022-39133 CVE-2022-39098 CVE-2022-42772 CVE-2022-42760 CVE-2022-42769 CVE-2022-42773 CVE-2022-42761 CVE-2022-42777 CVE-2022-39102 CVE-2022-39101 CVE-2022-39100 CVE-2022-39099
CWE-ID	CWE-126 CWE-862 CWE-190 CWE-200 CWE-119 CWE-787 CWE-362 CWE-416 CWE-667 CWE-122 CWE-125 CWE-121 CWE-120
Exploitation vector	Network
Public exploit	N/A
Vulnerable software Subscribe	SC9863A Mobile applications / Mobile firmware & hardware SC9832E Mobile applications / Mobile firmware & hardware SC7731E Mobile applications / Mobile firmware & hardware T610 Mobile applications / Mobile firmware & hardware T310 Mobile applications / Mobile firmware & hardware T606 Mobile applications / Mobile firmware & hardware T760 Mobile applications / Mobile firmware & hardware T618 Mobile applications / Mobile firmware & hardware T612 Mobile applications / Mobile firmware & hardware T616 Mobile applications / Mobile firmware & hardware T770 Mobile applications / Mobile firmware & hardware T820 Mobile applications / Mobile firmware & hardware S8013 Mobile applications / Mobile firmware & hardware S8000 Mobile applications / Mobile firmware & hardware S8017 Mobile applications / Mobile firmware & hardware S8016 Mobile applications / Mobile firmware & hardware S8015 Mobile applications / Mobile firmware & hardware S8012 Mobile applications / Mobile firmware & hardware S8011 Mobile applications / Mobile firmware & hardware S8010 Mobile applications / Mobile firmware & hardware S8009 Mobile applications / Mobile firmware & hardware S8008 Mobile applications / Mobile firmware & hardware S8007 Mobile applications / Mobile firmware & hardware S8006 Mobile applications / Mobile firmware & hardware S8005 Mobile applications / Mobile firmware & hardware S8004 Mobile applications / Mobile firmware & hardware S8003 Mobile applications / Mobile firmware & hardware S8002 Mobile applications / Mobile firmware & hardware S8023 Mobile applications / Mobile firmware & hardware S8020 Mobile applications / Mobile firmware & hardware S8019 Mobile applications / Mobile firmware & hardware S8022 Mobile applications / Mobile firmware & hardware S8021 Mobile applications / Mobile firmware & hardware S8018 Mobile applications / Mobile firmware & hardware S8014 Mobile applications / Mobile firmware & hardware S8001 Mobile applications / Mobile firmware & hardware
Vendor	UNISOC