Description
An issue was discovered in Luna Simo PPR1.180610.011/202001031830. A pre-installed app with a package name of com.skyroam.silverhelper writes three IMEI values to system properties at system startup. The system property values can be obtained via getprop by all third-party applications co-located on the device, even those with no permissions granted, exposing the IMEI values to processes without enforcing any access control.
References (4)
Core 4
Core References
Vendor Advisory x_refsource_misc
https://simowireless.com/
Broken Link x_refsource_misc
https://www.kryptowire.com/android-firmware-2022/
Third Party Advisory x_refsource_misc
https://athack.com/session-details/401
Exploit, Third Party Advisory x_refsource_misc
https://www.kryptowire.com/blog/vsim-vulnerability-within-simo-android-phones-exposed/
Scores
CVSS v3
7.8
EPSS
0.0039
EPSS Percentile
30.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-200
Status
published
Products (5)
bluproducts/g90_firmware
bluproducts/g9_firmware
luna/simo_firmware
wikomobile/tommy_3_firmware
wikomobile/tommy_3_plus_firmware
Published
Mar 11, 2022
Tracked Since
Feb 18, 2026