Multiple vulnerabilities in Unisoc chipsets



Published: 2023-09-04
Risk Medium
Patch available YES
Number of vulnerabilities 43
CVE-ID CVE-2023-38465
CVE-2023-38457
CVE-2023-38458
CVE-2023-38459
CVE-2023-38460
CVE-2023-38461
CVE-2023-38462
CVE-2023-38463
CVE-2023-38464
CVE-2023-38466
CVE-2023-38455
CVE-2023-38467
CVE-2023-38468
CVE-2023-38553
CVE-2023-38554
CVE-2022-47352
CVE-2022-48452
CVE-2022-48453
CVE-2023-33914
CVE-2023-33915
CVE-2023-38456
CVE-2023-38454
CVE-2023-33916
CVE-2023-38442
CVE-2023-33917
CVE-2023-33918
CVE-2023-38436
CVE-2023-38437
CVE-2023-38438
CVE-2023-38439
CVE-2023-38440
CVE-2023-38441
CVE-2023-38443
CVE-2023-38453
CVE-2023-38444
CVE-2023-38445
CVE-2023-38446
CVE-2023-38447
CVE-2023-38448
CVE-2023-38449
CVE-2023-38450
CVE-2023-38451
CVE-2023-38452
CWE-ID CWE-862
CWE-200
CWE-787
CWE-125
CWE-230
CWE-703
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		SC9832E
Mobile applications / Mobile firmware & hardware

SC9863A
Mobile applications / Mobile firmware & hardware

T310
Mobile applications / Mobile firmware & hardware

T606
Mobile applications / Mobile firmware & hardware

T612
Mobile applications / Mobile firmware & hardware

T616
Mobile applications / Mobile firmware & hardware

T610
Mobile applications / Mobile firmware & hardware

T618
Mobile applications / Mobile firmware & hardware

T760
Mobile applications / Mobile firmware & hardware

T770
Mobile applications / Mobile firmware & hardware

T820
Mobile applications / Mobile firmware & hardware

S8000
Mobile applications / Mobile firmware & hardware

SC7731E
Mobile applications / Mobile firmware & hardware

Vendor UNISOC

Security Bulletin

This security bulletin contains information about 43 vulnerabilities.

1) Missing Authorization

EUVDB-ID: #VU80262

Risk: Low

CVSSv3.1: 3.7 [CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38465

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a local privileged application to gain access to sensitive information.

The vulnerability exists due to a possible missing permission check within the Android. A local privileged application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9832E: All versions

SC9863A: All versions

T310: All versions

T606: All versions

T612: All versions

T616: All versions

T610: All versions

T618: All versions

T760: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Information exposure

EUVDB-ID: #VU80254

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38457

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC7731E: All versions

SC9832E: All versions

SC9863A: All versions

T606: All versions

T612: All versions

T616: All versions

T610: All versions

T618: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Information exposure

EUVDB-ID: #VU80255

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38458

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC7731E: All versions

SC9832E: All versions

SC9863A: All versions

T606: All versions

T612: All versions

T616: All versions

T610: All versions

T618: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Information exposure

EUVDB-ID: #VU80256

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38459

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC7731E: All versions

SC9832E: All versions

SC9863A: All versions

T606: All versions

T612: All versions

T616: All versions

T610: All versions

T618: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Information exposure

EUVDB-ID: #VU80257

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38460

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC7731E: All versions

SC9832E: All versions

SC9863A: All versions

T606: All versions

T612: All versions

T616: All versions

T610: All versions

T618: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Information exposure

EUVDB-ID: #VU80258

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38461

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC7731E: All versions

SC9832E: All versions

SC9863A: All versions

T606: All versions

T612: All versions

T616: All versions

T610: All versions

T618: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Information exposure

EUVDB-ID: #VU80259

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38462

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC7731E: All versions

SC9832E: All versions

SC9863A: All versions

T606: All versions

T612: All versions

T616: All versions

T610: All versions

T618: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Information exposure

EUVDB-ID: #VU80260

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38463

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC7731E: All versions

SC9832E: All versions

SC9863A: All versions

T606: All versions

T612: All versions

T616: All versions

T610: All versions

T618: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Information exposure

EUVDB-ID: #VU80261

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38464

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC7731E: All versions

SC9832E: All versions

SC9863A: All versions

T606: All versions

T612: All versions

T616: All versions

T610: All versions

T618: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Missing Authorization

EUVDB-ID: #VU80263

Risk: Low

CVSSv3.1: 3.7 [CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38466

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a local privileged application to gain access to sensitive information.

The vulnerability exists due to a possible missing permission check within the Android. A local privileged application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9832E: All versions

SC9863A: All versions

T310: All versions

T606: All versions

T612: All versions

T616: All versions

T610: All versions

T618: All versions

T760: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Information exposure

EUVDB-ID: #VU80252

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38455

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC7731E: All versions

SC9832E: All versions

SC9863A: All versions

T606: All versions

T612: All versions

T616: All versions

T610: All versions

T618: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Out-of-bounds write

EUVDB-ID: #VU80264

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38467

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the Android. A local privileged application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC7731E: All versions

SC9832E: All versions

SC9863A: All versions

T310: All versions

T606: All versions

T612: All versions

T616: All versions

T610: All versions

T618: All versions

T760: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Out-of-bounds write

EUVDB-ID: #VU80265

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38468

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the Android. A local privileged application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC7731E: All versions

SC9832E: All versions

SC9863A: All versions

T310: All versions

T606: All versions

T612: All versions

T616: All versions

T610: All versions

T618: All versions

T760: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Out-of-bounds write

EUVDB-ID: #VU80266

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38553

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the WCN. A local application can read and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC7731E: All versions

SC9832E: All versions

SC9863A: All versions

T310: All versions

T606: All versions

T612: All versions

T616: All versions

T610: All versions

T618: All versions

T760: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Out-of-bounds write

EUVDB-ID: #VU80267

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38554

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local privileged application to perform a denial of service (DoS) attack.

The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the WCN. A local privileged application can perform a denial of service (DoS) attack.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC7731E: All versions

SC9832E: All versions

SC9863A: All versions

T310: All versions

T606: All versions

T612: All versions

T616: All versions

T610: All versions

T618: All versions

T760: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Out-of-bounds read

EUVDB-ID: #VU80268

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-47352

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local application to manipulate or delete data.

The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the Kernel. A local application can manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

T610: All versions

T618: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Missing Authorization

EUVDB-ID: #VU80269

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48452

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a local application to manipulate or delete data.

The vulnerability exists due to a possible missing permission check within the Android. A local application can manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC7731E: All versions

SC9832E: All versions

SC9863A: All versions

T310: All versions

T606: All versions

T612: All versions

T616: All versions

T610: All versions

T618: All versions

T760: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Out-of-bounds write

EUVDB-ID: #VU80270

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48453

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to manipulate or delete data.

The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the Kernel. A local application can manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC7731E: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper Handling of Missing Values

EUVDB-ID: #VU80271

Risk: Medium

CVSSv3.1: 5.6 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-33914

CWE-ID: CWE-230 - Improper Handling of Missing Values

Exploit availability: No

Description

The vulnerability allows a remote application to read, manipulate or delete data.

The vulnerability exists due to a possible missing verification incorrect input within the Security Mode Command in Modem. A remote application can read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

T760: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Improper Check or Handling of Exceptional Conditions

EUVDB-ID: #VU80272

Risk: Low

CVSSv3.1: 3.7 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-33915

CWE-ID: CWE-703 - Improper Check or Handling of Exceptional Conditions

Exploit availability: No

Description

The vulnerability allows a remote attacker to read and manipulate data.

The vulnerability exists due to a possible missing permission check within the Modem. A remote attacker can read and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

T760: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Information exposure

EUVDB-ID: #VU80253

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38456

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC7731E: All versions

SC9832E: All versions

SC9863A: All versions

T606: All versions

T612: All versions

T616: All versions

T610: All versions

T618: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Information exposure

EUVDB-ID: #VU80251

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38454

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC7731E: All versions

SC9832E: All versions

SC9863A: All versions

T606: All versions

T612: All versions

T616: All versions

T610: All versions

T618: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Information exposure

EUVDB-ID: #VU80230

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-33916

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC7731E: All versions

SC9832E: All versions

SC9863A: All versions

T606: All versions

T612: All versions

T616: All versions

T610: All versions

T618: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Information exposure

EUVDB-ID: #VU80239

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38442

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC7731E: All versions

SC9832E: All versions

SC9863A: All versions

T606: All versions

T612: All versions

T616: All versions

T610: All versions

T618: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Information exposure

EUVDB-ID: #VU80231

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-33917

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC7731E: All versions

SC9832E: All versions

SC9863A: All versions

T606: All versions

T612: All versions

T616: All versions

T610: All versions

T618: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Information exposure

EUVDB-ID: #VU80232

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-33918

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC7731E: All versions

SC9832E: All versions

SC9863A: All versions

T606: All versions

T612: All versions

T616: All versions

T610: All versions

T618: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Information exposure

EUVDB-ID: #VU80233

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38436

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC7731E: All versions

SC9832E: All versions

SC9863A: All versions

T606: All versions

T612: All versions

T616: All versions

T610: All versions

T618: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Information exposure

EUVDB-ID: #VU80234

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38437

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC7731E: All versions

SC9832E: All versions

SC9863A: All versions

T606: All versions

T612: All versions

T616: All versions

T610: All versions

T618: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Information exposure

EUVDB-ID: #VU80235

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38438

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC7731E: All versions

SC9832E: All versions

SC9863A: All versions

T606: All versions

T612: All versions

T616: All versions

T610: All versions

T618: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Information exposure

EUVDB-ID: #VU80236

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38439

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9832E: All versions

SC9863A: All versions

T606: All versions

T612: All versions

T616: All versions

T610: All versions

T618: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Information exposure

EUVDB-ID: #VU80237

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38440

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC7731E: All versions

SC9832E: All versions

SC9863A: All versions

T606: All versions

T612: All versions

T616: All versions

T610: All versions

T618: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Information exposure

EUVDB-ID: #VU80238

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38441

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC7731E: All versions

SC9832E: All versions

SC9863A: All versions

T606: All versions

T612: All versions

T616: All versions

T610: All versions

T618: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Information exposure

EUVDB-ID: #VU80240

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38443

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC7731E: All versions

SC9832E: All versions

SC9863A: All versions

T606: All versions

T612: All versions

T616: All versions

T610: All versions

T618: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Information exposure

EUVDB-ID: #VU80250

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38453

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC7731E: All versions

SC9832E: All versions

SC9863A: All versions

T606: All versions

T612: All versions

T616: All versions

T610: All versions

T618: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Information exposure

EUVDB-ID: #VU80241

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38444

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC7731E: All versions

SC9832E: All versions

SC9863A: All versions

T606: All versions

T612: All versions

T616: All versions

T610: All versions

T618: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Information exposure

EUVDB-ID: #VU80242

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38445

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC7731E: All versions

SC9832E: All versions

SC9863A: All versions

T606: All versions

T612: All versions

T616: All versions

T610: All versions

T618: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Information exposure

EUVDB-ID: #VU80243

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38446

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC7731E: All versions

SC9832E: All versions

SC9863A: All versions

T606: All versions

T612: All versions

T616: All versions

T610: All versions

T618: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Information exposure

EUVDB-ID: #VU80244

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38447

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC7731E: All versions

SC9832E: All versions

SC9863A: All versions

T606: All versions

T612: All versions

T616: All versions

T610: All versions

T618: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Information exposure

EUVDB-ID: #VU80245

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38448

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC7731E: All versions

SC9832E: All versions

SC9863A: All versions

T606: All versions

T612: All versions

T616: All versions

T610: All versions

T618: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Information exposure

EUVDB-ID: #VU80246

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38449

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC7731E: All versions

SC9832E: All versions

SC9863A: All versions

T606: All versions

T612: All versions

T616: All versions

T610: All versions

T618: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Information exposure

EUVDB-ID: #VU80247

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38450

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9832E: All versions

SC9863A: All versions

T606: All versions

T612: All versions

T616: All versions

T610: All versions

T618: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Information exposure

EUVDB-ID: #VU80248

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38451

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC7731E: All versions

SC9832E: All versions

SC9863A: All versions

T606: All versions

T612: All versions

T616: All versions

T610: All versions

T618: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Information exposure

EUVDB-ID: #VU80249

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38452

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC7731E: All versions

SC9832E: All versions

SC9863A: All versions

T606: All versions

T612: All versions

T616: All versions

T610: All versions

T618: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###