Vulnerability: Unencrypted Transmission of Personally Identifiable Information (PII) to Chinese Servers

Vulnerability: Unencrypted Transmission of Personally Identifiable Information (PII) to Chinese Servers

CVE-2021-41849 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It sends the following Personally Identifiable Information (PII) in plaintext using HTTP to servers located in China: user's list of installed apps and device International Mobile Equipment Identity (IMEI). This PII is transmitted to log.skyroam.com.cn using HTTP, independent of whether the user uses the Simo software.

Learn more about our Cis Benchmark Audit For Server Software.