Multiple vulnerabilities in Unisoc chipsets
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 90 |
| CVE-ID | CVE-2023-42729 CVE-2023-42733 CVE-2023-42732 CVE-2022-48464 CVE-2022-48463 CVE-2022-48462 CVE-2023-42751 CVE-2023-42731 CVE-2023-42730 CVE-2023-42728 CVE-2023-42735 CVE-2023-42727 CVE-2023-42726 CVE-2023-42725 CVE-2023-42724 CVE-2023-42723 CVE-2023-42722 CVE-2023-42721 CVE-2023-42720 CVE-2023-42719 CVE-2023-42734 CVE-2023-42736 CVE-2023-42717 CVE-2023-42748 CVE-2022-48461 CVE-2022-48459 CVE-2022-48458 CVE-2022-48457 CVE-2022-48456 CVE-2022-48455 CVE-2022-48454 CVE-2023-42749 CVE-2023-42747 CVE-2023-42737 CVE-2023-42746 CVE-2023-42745 CVE-2023-42744 CVE-2023-42743 CVE-2023-42742 CVE-2023-42741 CVE-2023-42740 CVE-2023-42739 CVE-2023-42738 CVE-2023-42718 CVE-2023-42716 CVE-2023-42671 CVE-2023-42682 CVE-2023-42690 CVE-2023-42689 CVE-2023-42688 CVE-2023-42687 CVE-2023-42686 CVE-2023-42685 CVE-2023-42684 CVE-2023-42683 CVE-2023-42681 CVE-2023-42692 CVE-2023-42680 CVE-2023-42679 CVE-2023-42678 CVE-2023-42677 CVE-2023-42676 CVE-2023-42675 CVE-2023-42674 CVE-2023-42673 CVE-2023-42672 CVE-2023-42691 CVE-2023-42693 CVE-2023-42715 CVE-2023-42705 CVE-2023-42714 CVE-2023-42713 CVE-2023-42712 CVE-2023-42711 CVE-2023-42710 CVE-2023-42709 CVE-2023-42708 CVE-2023-42707 CVE-2023-42706 CVE-2023-42704 CVE-2023-42694 CVE-2023-42703 CVE-2023-42702 CVE-2023-42701 CVE-2023-42700 CVE-2023-42699 CVE-2023-42698 CVE-2023-42697 CVE-2023-42696 CVE-2023-42695 |
| CWE-ID | CWE-787 CWE-200 CWE-120 CWE-125 CWE-119 CWE-862 CWE-121 CWE-732 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
SC7731E Mobile applications / Mobile firmware & hardware SC9832E Mobile applications / Mobile firmware & hardware SC9863A Mobile applications / Mobile firmware & hardware T310 Mobile applications / Mobile firmware & hardware T606 Mobile applications / Mobile firmware & hardware T612 Mobile applications / Mobile firmware & hardware T616 Mobile applications / Mobile firmware & hardware T610 Mobile applications / Mobile firmware & hardware T618 Mobile applications / Mobile firmware & hardware T760 Mobile applications / Mobile firmware & hardware T770 Mobile applications / Mobile firmware & hardware T820 Mobile applications / Mobile firmware & hardware S8000 Mobile applications / Mobile firmware & hardware |
| Vendor | UNISOC |
Security Bulletin
This security bulletin contains information about 90 vulnerabilities.
1) Out-of-bounds write
EUVDB-ID: #VU83734
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42729
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the ril service in Android. A local privileged application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Information exposure
EUVDB-ID: #VU83742
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42733
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the telephony service in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Information exposure
EUVDB-ID: #VU83741
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42732
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the telephony service in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Buffer overflow
EUVDB-ID: #VU83740
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48464
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the wifi service in Android. A local privileged application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Buffer overflow
EUVDB-ID: #VU83739
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48463
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the wifi service in Android. A local privileged application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Buffer overflow
EUVDB-ID: #VU83738
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48462
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the wifi service in Android. A local privileged application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Buffer overflow
EUVDB-ID: #VU83737
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42751
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the gnss service in WCN. A local application can read and manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Buffer overflow
EUVDB-ID: #VU83736
Risk: Low
CVSSv3.1: 3.7 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42731
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to read and manipulate data.
The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the Gnss service in Android. A local privileged application can read and manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsT606: All versions
T612: All versions
T616: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Information exposure
EUVDB-ID: #VU83735
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42730
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the IMS service in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Out-of-bounds read
EUVDB-ID: #VU83733
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42728
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the phasecheckserver in Android. A local application can manipulate or delete data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Information exposure
EUVDB-ID: #VU83744
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42735
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the telephony service in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Out-of-bounds write
EUVDB-ID: #VU83732
Risk: Low
CVSSv3.1: 4.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42727
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to read and manipulate data.
The vulnerability exists due to a possible out of bounds write due to a incorrect bounds check within the gpu driver in Kernel. A local privileged application can read and manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Out-of-bounds read
EUVDB-ID: #VU83731
Risk: Low
CVSSv3.1: 4.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42726
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to read and manipulate data.
The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the TeleService in Android. A local privileged application can read and manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Out-of-bounds read
EUVDB-ID: #VU83730
Risk: Low
CVSSv3.1: 4.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42725
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to read and manipulate data.
The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the gpu driver in Kernel. A local privileged application can read and manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Out-of-bounds read
EUVDB-ID: #VU83729
Risk: Low
CVSSv3.1: 4.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42724
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to read and manipulate data.
The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the gpu driver in Kernel. A local privileged application can read and manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Out-of-bounds read
EUVDB-ID: #VU83728
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42723
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local application to manipulate data.
The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the camera service in Android. A local application can manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Memory corruption
EUVDB-ID: #VU83727
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42722
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local application to manipulate data.
The vulnerability exists due to a possible use after free due to a logic error within the camera service in Android. A local application can manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Memory corruption
EUVDB-ID: #VU83726
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42721
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform service disruption.
The vulnerability exists due to a possible missing verification incorrect input within the flv extractor in Android. A remote attacker can perform service disruption.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Out-of-bounds read
EUVDB-ID: #VU83725
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42720
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the video service in Android. A remote attacker can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsT760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Out-of-bounds read
EUVDB-ID: #VU83724
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42719
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a possible out of bounds read due to a incorrect bounds check within the video service in Android. A remote attacker can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsT606: All versions
T612: All versions
T616: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Information exposure
EUVDB-ID: #VU83743
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42734
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the telephony service in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Missing Authorization
EUVDB-ID: #VU83745
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42736
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible missing permission check within the telecom service in Android. A local application can manipulate or delete data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Information exposure
EUVDB-ID: #VU83722
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42717
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the telephony service in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Missing Authorization
EUVDB-ID: #VU83757
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42748
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible missing permission check within the telecom service in Android. A local application can manipulate or delete data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Stack-based buffer overflow
EUVDB-ID: #VU83765
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48461
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the sensor driver in Kernel. A local application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Incorrect Permission Assignment for Critical Resource
EUVDB-ID: #VU83764
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48459
CWE-ID:
CWE-732 - Incorrect Permission Assignment for Critical Resource
Exploit availability: No
DescriptionThe vulnerability allows a local application to crash the entire system.
The vulnerability exists due to a possible system crash due to improper input validation within the TeleService in Android. A local application can crash the entire system.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Incorrect Permission Assignment for Critical Resource
EUVDB-ID: #VU83763
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48458
CWE-ID:
CWE-732 - Incorrect Permission Assignment for Critical Resource
Exploit availability: No
DescriptionThe vulnerability allows a local application to crash the entire system.
The vulnerability exists due to a possible system crash due to improper input validation within the TeleService in Android. A local application can crash the entire system.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Incorrect Permission Assignment for Critical Resource
EUVDB-ID: #VU83762
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48457
CWE-ID:
CWE-732 - Incorrect Permission Assignment for Critical Resource
Exploit availability: No
DescriptionThe vulnerability allows a local application to crash the entire system.
The vulnerability exists due to a possible system crash due to improper input validation within the TeleService in Android. A local application can crash the entire system.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Memory corruption
EUVDB-ID: #VU83761
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48456
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to a possible out of bounds write due to a incorrect bounds check within the camera driver in Kernel. A local application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Buffer overflow
EUVDB-ID: #VU83760
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48455
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the wifi service in Android. A local application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Buffer overflow
EUVDB-ID: #VU83759
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48454
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the wifi service in Android. A local application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Information exposure
EUVDB-ID: #VU83758
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42749
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the enginnermode service in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Missing Authorization
EUVDB-ID: #VU83756
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42747
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible missing permission check within the camera service in Android. A local application can manipulate or delete data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Information exposure
EUVDB-ID: #VU83746
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42737
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the telecom service in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Missing Authorization
EUVDB-ID: #VU83755
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42746
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible missing permission check within the power manager in Android. A local application can manipulate or delete data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Missing Authorization
EUVDB-ID: #VU83754
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42745
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible missing permission check within the telecom service in Android. A local application can manipulate or delete data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Missing Authorization
EUVDB-ID: #VU83753
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42744
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible missing permission check within the telecom service in Android. A local application can manipulate or delete data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Missing Authorization
EUVDB-ID: #VU83752
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42743
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible missing permission check within the telecom service in Android. A local application can manipulate or delete data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Missing Authorization
EUVDB-ID: #VU83751
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42742
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible missing permission check within the sysui in Android. A local application can manipulate or delete data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Information exposure
EUVDB-ID: #VU83750
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42741
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the telecom service in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Missing Authorization
EUVDB-ID: #VU83749
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42740
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the telecom service in Android. A local application can manipulate or delete data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Information exposure
EUVDB-ID: #VU83748
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42739
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the engineermode service in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Missing Authorization
EUVDB-ID: #VU83747
Risk: Low
CVSSv3.1: 4.5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42738
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible missing permission check within the telocom service in Android. A local application can manipulate or delete data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Information exposure
EUVDB-ID: #VU83723
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42718
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the dialer in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Information exposure
EUVDB-ID: #VU83721
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42716
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the telephony service in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Information exposure
EUVDB-ID: #VU83676
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42671
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the imsservice in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Buffer overflow
EUVDB-ID: #VU83687
Risk: Low
CVSSv3.1: 4.5 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42682
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to damange or delete data.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the gsp driver in Kernel. A local privileged application can damange or delete data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Missing Authorization
EUVDB-ID: #VU83695
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42690
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a possible missing permission check within the wifi service in Android. A local application can perform service disruption.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Missing Authorization
EUVDB-ID: #VU83694
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42689
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a possible missing permission check within the wifi service in Android. A local application can perform service disruption.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Missing Authorization
EUVDB-ID: #VU83693
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42688
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a possible missing permission check within the wifi service in Android. A local application can perform service disruption.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Missing Authorization
EUVDB-ID: #VU83692
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42687
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the wifi service in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Missing Authorization
EUVDB-ID: #VU83691
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42686
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a possible missing permission check within the wifi service in Android. A local application can perform service disruption.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Missing Authorization
EUVDB-ID: #VU83690
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42685
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a possible missing permission check within the wifi service in Android. A local application can perform service disruption.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Out-of-bounds read
EUVDB-ID: #VU83689
Risk: Low
CVSSv3.1: 4.5 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42684
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to damange or delete data.
The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the gsp driver in Kernel. A local privileged application can damange or delete data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Out-of-bounds read
EUVDB-ID: #VU83688
Risk: Low
CVSSv3.1: 4.5 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42683
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to damange or delete data.
The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the gsp driver in Kernel. A local privileged application can damange or delete data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Missing Authorization
EUVDB-ID: #VU83686
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42681
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible missing permission check within the ion service in Android. A local application can manipulate or delete data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Missing Authorization
EUVDB-ID: #VU83697
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42692
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the wifi service in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Out-of-bounds read
EUVDB-ID: #VU83685
Risk: Low
CVSSv3.1: 4.5 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42680
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to damange or delete data.
The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the gpu driver in Kernel. A local privileged application can damange or delete data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Out-of-bounds write
EUVDB-ID: #VU83684
Risk: Low
CVSSv3.1: 4.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42679
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to read and manipulate data.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the gpu driver in Android. A local privileged application can read and manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Information exposure
EUVDB-ID: #VU83683
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42678
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the imsservice in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Information exposure
EUVDB-ID: #VU83682
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42677
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the imsservice in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Information exposure
EUVDB-ID: #VU83681
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42676
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the imsservice in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Information exposure
EUVDB-ID: #VU83680
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42675
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the imsservice in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Information exposure
EUVDB-ID: #VU83679
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42674
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the imsservice in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Information exposure
EUVDB-ID: #VU83678
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42673
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the imsservice in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Information exposure
EUVDB-ID: #VU83677
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42672
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the imsservice in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Missing Authorization
EUVDB-ID: #VU83696
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42691
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the wifi service in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) Missing Authorization
EUVDB-ID: #VU83698
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42693
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a possible missing permission check within the wifi service in Android. A local application can perform service disruption.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) Information exposure
EUVDB-ID: #VU83720
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42715
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the telephony service in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Information exposure
EUVDB-ID: #VU83710
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42705
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the imsservice in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) Information exposure
EUVDB-ID: #VU83719
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42714
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the firewall service in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
72) Information exposure
EUVDB-ID: #VU83718
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42713
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the firewall service in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
73) Information exposure
EUVDB-ID: #VU83717
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42712
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the firewall service in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
74) Information exposure
EUVDB-ID: #VU83716
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42711
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the firewall service in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
75) Information exposure
EUVDB-ID: #VU83715
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42710
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the firewall service in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
76) Information exposure
EUVDB-ID: #VU83714
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42709
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the firewall service in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
77) Information exposure
EUVDB-ID: #VU83713
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42708
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the firewall service in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
78) Information exposure
EUVDB-ID: #VU83712
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42707
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the firewall service in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
79) Information exposure
EUVDB-ID: #VU83711
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42706
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the firewall service in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
80) Information exposure
EUVDB-ID: #VU83709
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42704
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the imsservice in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
81) Missing Authorization
EUVDB-ID: #VU83699
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42694
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a possible missing permission check within the wifi service in Android. A local application can perform service disruption.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
82) Information exposure
EUVDB-ID: #VU83708
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42703
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the firewall service in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
83) Information exposure
EUVDB-ID: #VU83707
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42702
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the firewall service in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
84) Information exposure
EUVDB-ID: #VU83706
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42701
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the firewall service in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
85) Information exposure
EUVDB-ID: #VU83705
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42700
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the firewall service in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
86) Information exposure
EUVDB-ID: #VU83704
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42699
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the omacp service in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
87) Information exposure
EUVDB-ID: #VU83703
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42698
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the omacp service in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
88) Information exposure
EUVDB-ID: #VU83702
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42697
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the omacp service in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
89) Missing Authorization
EUVDB-ID: #VU83701
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42696
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to crash the entire system.
The vulnerability exists due to a possible missing permission check within the telecom service in Android. A remote attacker can trick the victim to open a specially crafted file and crash the entire system.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
90) Missing Authorization
EUVDB-ID: #VU83700
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42695
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the wifi service in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
