Multiple vulnerabilities in Unisoc chipsets



Risk High
Patch available YES
Number of vulnerabilities 39
CVE-ID CVE-2022-44428
CVE-2022-38683
CVE-2022-38682
CVE-2022-38678
CVE-2022-44432
CVE-2022-44431
CVE-2022-44430
CVE-2022-44429
CVE-2022-44427
CVE-2022-39104
CVE-2022-44426
CVE-2022-44425
CVE-2022-44439
CVE-2022-44438
CVE-2022-44437
CVE-2022-44436
CVE-2022-44435
CVE-2022-44434
CVE-2022-38684
CVE-2022-39081
CVE-2022-44446
CVE-2022-44423
CVE-2022-44445
CVE-2022-44444
CVE-2022-44443
CVE-2022-44442
CVE-2022-44441
CVE-2022-44440
CVE-2022-44424
CVE-2022-44422
CVE-2022-39082
CVE-2022-39088
CVE-2022-39087
CVE-2022-39086
CVE-2022-39085
CVE-2022-39118
CVE-2022-39116
CVE-2022-39084
CVE-2022-39083
CWE-ID CWE-122
CWE-862
CWE-190
CWE-787
CWE-77
CWE-126
CWE-191
CWE-125
CWE-120
CWE-121
Exploitation vector Network
Public exploit N/A
Vulnerable software
 SC9863A
Mobile applications / Mobile firmware & hardware

SC9832E
Mobile applications / Mobile firmware & hardware

SC7731E
Mobile applications / Mobile firmware & hardware

T610
Mobile applications / Mobile firmware & hardware

T310
Mobile applications / Mobile firmware & hardware

T606
Mobile applications / Mobile firmware & hardware

T760
Mobile applications / Mobile firmware & hardware

T618
Mobile applications / Mobile firmware & hardware

T612
Mobile applications / Mobile firmware & hardware

T616
Mobile applications / Mobile firmware & hardware

T770
Mobile applications / Mobile firmware & hardware

T820
Mobile applications / Mobile firmware & hardware

S8000
Mobile applications / Mobile firmware & hardware

Vendor UNISOC

Security Bulletin

This security bulletin contains information about 39 vulnerabilities.

1) Heap-based Buffer Overflow

EUVDB-ID: #VU70754

Risk: Low

CVSSv4.0: 4.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-44428

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a local application to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A local application can read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Missing Authorization

EUVDB-ID: #VU70747

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-38683

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a missing permission check within the contacts service in Android. A remote attacker can trick the victim to open a specially crafted file and perform a denial of service (DoS) attack.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Missing Authorization

EUVDB-ID: #VU70748

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-38682

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a missing permission check within the contacts service in Android. A remote attacker can trick the victim to open a specially crafted file and perform a denial of service (DoS) attack.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Missing Authorization

EUVDB-ID: #VU70749

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-38678

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a missing permission check within the contacts service in Android. A remote attacker can trick the victim to open a specially crafted file and perform a denial of service (DoS) attack.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Integer Overflow or Wraparound

EUVDB-ID: #VU70750

Risk: Low

CVSSv4.0: 4.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-44432

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local application to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A local application can read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds write

EUVDB-ID: #VU70751

Risk: Low

CVSSv4.0: 4.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-44431

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A local application can read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Heap-based Buffer Overflow

EUVDB-ID: #VU70752

Risk: Low

CVSSv4.0: 4.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-44430

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a local application to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A local application can read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Heap-based Buffer Overflow

EUVDB-ID: #VU70753

Risk: Low

CVSSv4.0: 4.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-44429

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a local application to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A local application can read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Heap-based Buffer Overflow

EUVDB-ID: #VU70755

Risk: Low

CVSSv4.0: 4.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-44427

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a local application to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A local application can read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Missing Authorization

EUVDB-ID: #VU70745

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-39104

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a missing permission check within the Contacts service in Android. A remote attacker can trick the victim to open a specially crafted file and perform a denial of service (DoS) attack.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Integer Overflow or Wraparound

EUVDB-ID: #VU70756

Risk: Low

CVSSv4.0: 4.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-44426

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local application to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A local application can read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Integer Overflow or Wraparound

EUVDB-ID: #VU70757

Risk: Low

CVSSv4.0: 4.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-44425

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local application to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A local application can read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Missing Authorization

EUVDB-ID: #VU70758

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-44439

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected device.

The vulnerability exists due to a missing permission check within the messaging service in Android. A remote attacker can trick the victim to open a specially crafted file and compromise the affected device.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Missing Authorization

EUVDB-ID: #VU70759

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-44438

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected device.

The vulnerability exists due to a missing permission check within the messaging service in Android. A remote attacker can trick the victim to open a specially crafted file and compromise the affected device.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Missing Authorization

EUVDB-ID: #VU70760

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-44437

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected device.

The vulnerability exists due to a missing permission check within the messaging service in Android. A remote attacker can trick the victim to open a specially crafted file and compromise the affected device.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Missing Authorization

EUVDB-ID: #VU70761

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-44436

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected device.

The vulnerability exists due to a missing permission check within the messaging service in Android. A remote attacker can trick the victim to open a specially crafted file and compromise the affected device.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Missing Authorization

EUVDB-ID: #VU70762

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-44435

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected device.

The vulnerability exists due to a missing permission check within the messaging service in Android. A remote attacker can trick the victim to open a specially crafted file and compromise the affected device.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Missing Authorization

EUVDB-ID: #VU70763

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-44434

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected device.

The vulnerability exists due to a missing permission check within the messaging service in Android. A remote attacker can trick the victim to open a specially crafted file and compromise the affected device.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Missing Authorization

EUVDB-ID: #VU70746

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-38684

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a missing permission check within the contacts service in Android. A remote attacker can trick the victim to open a specially crafted file and perform a denial of service (DoS) attack.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Command injection

EUVDB-ID: #VU70744

Risk: Low

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-39081

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a missing permission check within the messaging service in Android. A local privileged application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Buffer over-read

EUVDB-ID: #VU70725

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-44446

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A local privileged application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Missing Authorization

EUVDB-ID: #VU70733

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-44423

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to a missing permission check within the music service in Android. A local application can perform service disruption.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Buffer over-read

EUVDB-ID: #VU70726

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-44445

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A local privileged application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Integer underflow

EUVDB-ID: #VU70727

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-44444

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A local privileged application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Buffer over-read

EUVDB-ID: #VU70728

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-44443

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A local privileged application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Out-of-bounds read

EUVDB-ID: #VU70729

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-44442

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A local privileged application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Out-of-bounds read

EUVDB-ID: #VU70730

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-44441

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A local privileged application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Out-of-bounds read

EUVDB-ID: #VU70731

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-44440

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A local privileged application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Missing Authorization

EUVDB-ID: #VU70732

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-44424

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to a missing permission check within the music service in Android. A local application can perform service disruption.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Missing Authorization

EUVDB-ID: #VU70734

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-44422

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to a missing permission check within the music service in Android. A local application can perform service disruption.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Command injection

EUVDB-ID: #VU70743

Risk: Low

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-39082

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a missing permission check within the network service in Android. A local privileged application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Command injection

EUVDB-ID: #VU70735

Risk: Low

CVSSv4.0: 1.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-39088

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a local privileged application to read, manipulate or delete data.

The vulnerability exists due to a missing permission check within the network service in Android. A local privileged application can read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Command injection

EUVDB-ID: #VU70736

Risk: Low

CVSSv4.0: 1.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-39087

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a local privileged application to read, manipulate or delete data.

The vulnerability exists due to a missing permission check within the network service in Android. A local privileged application can read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Command injection

EUVDB-ID: #VU70737

Risk: Low

CVSSv4.0: 1.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-39086

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a local privileged application to read, manipulate or delete data.

The vulnerability exists due to a missing permission check within the network service in Android. A local privileged application can read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Command injection

EUVDB-ID: #VU70738

Risk: Low

CVSSv4.0: 1.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-39085

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a local privileged application to read, manipulate or delete data.

The vulnerability exists due to a missing permission check within the network service in Android. A local privileged application can read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Buffer overflow

EUVDB-ID: #VU70739

Risk: Low

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-39118

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the sprd_sysdump driver in kernel. A local privileged application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Stack-based buffer overflow

EUVDB-ID: #VU70740

Risk: Low

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-39116

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the sysdump driver in kernel. A local privileged application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Command injection

EUVDB-ID: #VU70741

Risk: Low

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-39084

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a missing permission check within the network service in Android. A local privileged application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Command injection

EUVDB-ID: #VU70742

Risk: Low

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-39083

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a missing permission check within the network service in Android. A local privileged application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###