Unrestricted Access to IMEI Values in Luna Simo PPR1.180610.011/202001031830

Unrestricted Access to IMEI Values in Luna Simo PPR1.180610.011/202001031830

CVE-2021-41850 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

An issue was discovered in Luna Simo PPR1.180610.011/202001031830. A pre-installed app with a package name of com.skyroam.silverhelper writes three IMEI values to system properties at system startup. The system property values can be obtained via getprop by all third-party applications co-located on the device, even those with no permissions granted, exposing the IMEI values to processes without enforcing any access control.

Learn more about our Web Application Penetration Testing UK.