Vulnerability CVE-2021-41849
Published: 2022-03-11   Modified: 2022-03-12

Description:
An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It sends the following Personally Identifiable Information (PII) in plaintext using HTTP to servers located in China: user's list of installed apps and device International Mobile Equipment Identity (IMEI). This PII is transmitted to log.skyroam.com.cn using HTTP, independent of whether the user uses the Simo software.

Type:

CWE-319

 (Cleartext Transmission of Sensitive Information)

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.1/10
2.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

 References:
https://athack.com/session-details/401
https://www.kryptowire.com/android-firmware-2022/
https://simowireless.com/
https://www.kryptowire.com/blog/vsim-vulnerability-within-simo-android-phones-exposed/
Copyright 2026, cxsecurity.com

 

Back to Top