CVE-2021-40180
HIGHWeChat 8.0.10 - Exposure of Sensitive Information via wx.searchContacts
Title source: llmDescription
In the WeChat application 8.0.10 for Android and iOS, a mini program can obtain sensitive information from a user's address book via wx.searchContacts.
References (4)
Core 4
Core References
Exploit, Permissions Required, Third Party Advisory x_refsource_misc
https://pan.baidu.com/s/1RqMrZBruZZ4OHdnXUN5xDw
Exploit, Permissions Required, Third Party Advisory x_refsource_misc
https://pan.baidu.com/s/116sAQvs1CEzCeIfpI1NZvA
Mitigation, Technical Description, Third Party Advisory x_refsource_misc
https://arxiv.org/pdf/2205.15202.pdf
Exploit, Third Party Advisory x_refsource_misc
https://github.com/BESTICSP/Vulnerabilities-Related-to-Mini-Programs-Permissions/blob/main/WX%20applet%20contact%20permission%20vulnerability%20report.pdf
Scores
CVSS v3
7.5
EPSS
0.0106
EPSS Percentile
60.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
tencent/wechat
8.0.10 (2 CPE variants)
Published
Jul 26, 2022
Tracked Since
Feb 18, 2026