Missing Permission Check in Telephony Service from UNISOC
CVE-2023-42716

7.5HIGH

Key Information:

Vendor
Unisoc
Status
SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000
Vendor
CVE Published:
4 December 2023

Summary

A vulnerability has been identified in UNISOC's telephony service, which may allow remote attackers to access sensitive information without requiring appropriate permissions. This security flaw could result in unintended data exposure, raising concerns about the integrity of user information and the overall security of communications handled by the affected service.

Affected Version(s)

SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000 Android11/Android12

References

https://www.unisoc.com/en_us/secy/announcementDetail/http...

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.