Multiple vulnerabilities in Unisoc chipsets



| Updated: 2023-02-19
Risk Medium
Patch available YES
Number of vulnerabilities 49
CVE-ID CVE-2022-42768
CVE-2022-39094
CVE-2022-39093
CVE-2022-39091
CVE-2022-39092
CVE-2022-39090
CVE-2022-42776
CVE-2022-42778
CVE-2022-42759
CVE-2022-42758
CVE-2022-42757
CVE-2022-42767
CVE-2022-39096
CVE-2022-42766
CVE-2022-42765
CVE-2022-42764
CVE-2022-42763
CVE-2022-42782
CVE-2022-42781
CVE-2022-42780
CVE-2022-42762
CVE-2022-42779
CVE-2022-42774
CVE-2022-39095
CVE-2022-39097
CVE-2022-39131
CVE-2022-42755
CVE-2022-42771
CVE-2022-42770
CVE-2022-42775
CVE-2022-42756
CVE-2022-42754
CVE-2022-39134
CVE-2022-39106
CVE-2022-39132
CVE-2022-39130
CVE-2022-39129
CVE-2022-39133
CVE-2022-39098
CVE-2022-42772
CVE-2022-42760
CVE-2022-42769
CVE-2022-42773
CVE-2022-42761
CVE-2022-42777
CVE-2022-39102
CVE-2022-39101
CVE-2022-39100
CVE-2022-39099
CWE-ID CWE-126
CWE-862
CWE-190
CWE-200
CWE-119
CWE-787
CWE-362
CWE-416
CWE-667
CWE-122
CWE-125
CWE-121
CWE-120
Exploitation vector Network
Public exploit N/A
Vulnerable software
 SC9863A
Mobile applications / Mobile firmware & hardware

SC9832E
Mobile applications / Mobile firmware & hardware

SC7731E
Mobile applications / Mobile firmware & hardware

T610
Mobile applications / Mobile firmware & hardware

T310
Mobile applications / Mobile firmware & hardware

T606
Mobile applications / Mobile firmware & hardware

T760
Mobile applications / Mobile firmware & hardware

T618
Mobile applications / Mobile firmware & hardware

T612
Mobile applications / Mobile firmware & hardware

T616
Mobile applications / Mobile firmware & hardware

T770
Mobile applications / Mobile firmware & hardware

T820
Mobile applications / Mobile firmware & hardware

S8013
Mobile applications / Mobile firmware & hardware

S8000
Mobile applications / Mobile firmware & hardware

S8017
Mobile applications / Mobile firmware & hardware

S8016
Mobile applications / Mobile firmware & hardware

S8015
Mobile applications / Mobile firmware & hardware

S8012
Mobile applications / Mobile firmware & hardware

S8011
Mobile applications / Mobile firmware & hardware

S8010
Mobile applications / Mobile firmware & hardware

S8009
Mobile applications / Mobile firmware & hardware

S8008
Mobile applications / Mobile firmware & hardware

S8007
Mobile applications / Mobile firmware & hardware

S8006
Mobile applications / Mobile firmware & hardware

S8005
Mobile applications / Mobile firmware & hardware

S8004
Mobile applications / Mobile firmware & hardware

S8003
Mobile applications / Mobile firmware & hardware

S8002
Mobile applications / Mobile firmware & hardware

S8023
Mobile applications / Mobile firmware & hardware

S8020
Mobile applications / Mobile firmware & hardware

S8019
Mobile applications / Mobile firmware & hardware

S8022
Mobile applications / Mobile firmware & hardware

S8021
Mobile applications / Mobile firmware & hardware

S8018
Mobile applications / Mobile firmware & hardware

S8014
Mobile applications / Mobile firmware & hardware

S8001
Mobile applications / Mobile firmware & hardware

Vendor UNISOC

Security Bulletin

This security bulletin contains information about 49 vulnerabilities.

1) Buffer over-read

EUVDB-ID: #VU70823

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-42768

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8013: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Missing Authorization

EUVDB-ID: #VU70813

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-39094

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to manipulate data.

The vulnerability exists due to a missing permission check within the power management service in Android. A remote attacker can trick the victim to open a specially crafted file and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Missing Authorization

EUVDB-ID: #VU70814

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-39093

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to manipulate data.

The vulnerability exists due to a missing permission check within the power management service in Android. A remote attacker can trick the victim to open a specially crafted file and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Missing Authorization

EUVDB-ID: #VU70815

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-39091

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to manipulate data.

The vulnerability exists due to a missing permission check within the power management service in Android. A remote attacker can trick the victim to open a specially crafted file and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Missing Authorization

EUVDB-ID: #VU70816

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-39092

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to manipulate data.

The vulnerability exists due to a missing permission check within the power management service in Android. A remote attacker can trick the victim to open a specially crafted file and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Missing Authorization

EUVDB-ID: #VU70817

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-39090

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to manipulate data.

The vulnerability exists due to a missing permission check within the power management service in Android. A remote attacker can trick the victim to open a specially crafted file and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Missing Authorization

EUVDB-ID: #VU70818

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-42776

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to read and manipulate data.

The vulnerability exists due to a missing permission check within the UscAIEngine service in Android. A remote attacker can trick the victim to open a specially crafted file and read and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Missing Authorization

EUVDB-ID: #VU70819

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-42778

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a missing permission check within the Android. A remote attacker can trick the victim to open a specially crafted file and gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Buffer over-read

EUVDB-ID: #VU70820

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-42759

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8017: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Buffer over-read

EUVDB-ID: #VU70821

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-42758

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8016: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Buffer over-read

EUVDB-ID: #VU70822

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-42757

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8015: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Integer overflow

EUVDB-ID: #VU70824

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-42767

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8012: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Missing Authorization

EUVDB-ID: #VU70811

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-39096

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to manipulate data.

The vulnerability exists due to a missing permission check within the power management service in Android. A remote attacker can trick the victim to open a specially crafted file and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Information Exposure

EUVDB-ID: #VU70825

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-42766

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to read, manipulate or delete data.

The vulnerability exists due to a possible missing permission check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8011: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Integer overflow

EUVDB-ID: #VU70826

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-42765

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8010: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Integer overflow

EUVDB-ID: #VU70827

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-42764

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8009: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Integer overflow

EUVDB-ID: #VU70828

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-42763

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8008: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Information Exposure

EUVDB-ID: #VU70829

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-42782

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to read, manipulate or delete data.

The vulnerability exists due to a possible missing permission check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8007: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Buffer over-read

EUVDB-ID: #VU70830

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-42781

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8006: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Buffer over-read

EUVDB-ID: #VU70831

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-42780

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8005: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Buffer over-read

EUVDB-ID: #VU70832

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-42762

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8004: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Buffer over-read

EUVDB-ID: #VU70833

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-42779

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8003: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Buffer over-read

EUVDB-ID: #VU70834

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-42774

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8002: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Missing Authorization

EUVDB-ID: #VU70812

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-39095

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to manipulate data.

The vulnerability exists due to a missing permission check within the power management service in Android. A remote attacker can trick the victim to open a specially crafted file and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Missing Authorization

EUVDB-ID: #VU70810

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-39097

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to manipulate data.

The vulnerability exists due to a missing permission check within the power management service in Android. A remote attacker can trick the victim to open a specially crafted file and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Buffer overflow

EUVDB-ID: #VU70009

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-39131

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the camera driver. A local application can trigger memory corruption and perform a denial of service (DoS) attack.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Out-of-bounds write

EUVDB-ID: #VU70017

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-42755

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the wlan driver driver. A local application can trigger an out-of-bounds write and crash the kernel.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8023: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Race condition

EUVDB-ID: #VU70021

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-42771

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the wlan driver. A local application can exploit the race and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8020: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Race condition

EUVDB-ID: #VU70019

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-42770

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the wlan driver. A local application can exploit the race and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8019: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Improper Restriction of Operations within the Bounds of a Memory Buffer

EUVDB-ID: #VU70799

Risk: Low

CVSSv4.0: 4.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-42775

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to damange or delete data.

The vulnerability exists due to a possible memory corruption due to improper locking within the camera driver in Kernel. A local application can damange or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Buffer overflow

EUVDB-ID: #VU70018

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-42756

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the sensor driver. A local application can trigger memory corruption and crash the kernel.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Use-after-free

EUVDB-ID: #VU70016

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-42754

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the npu driver. A local application can trigger a use-after-free error and perform a denial of service (DoS) attack.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Race condition

EUVDB-ID: #VU70015

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-39134

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the audio driver. A local local application can exploit the race to trigger a use-after-free and crash the kernel.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Improper locking

EUVDB-ID: #VU70010

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-39106

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service attack (DoS).

The vulnerability exists due to improper locking error within the serviceIn sensor driver. A local application can trigger a deadlock and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Heap-based buffer overflow

EUVDB-ID: #VU70013

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-39132

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the camera driver. A local application can trigger a heap-based buffer overflow and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Out-of-bounds read

EUVDB-ID: #VU70023

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-39130

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the face detect driver. A local application can trigger an out-of-bounds read error and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Stack-based buffer overflow

EUVDB-ID: #VU70012

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-39129

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the face detect driver. A local application can trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Out-of-bounds write

EUVDB-ID: #VU70014

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-39133

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the wlan driver. A local application can trigger an out-of-bounds write and crash the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8022: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Missing Authorization

EUVDB-ID: #VU70809

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-39098

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to crash the entire system.

The vulnerability exists due to a missing permission check within the power management service in Android. A remote attacker can trick the victim to open a specially crafted file and crash the entire system.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Out-of-bounds write

EUVDB-ID: #VU70022

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-42772

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the wlan driver. A local application can trigger an out-of-bounds write and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8021: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Buffer overflow

EUVDB-ID: #VU70800

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-42760

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8018: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Out-of-bounds read

EUVDB-ID: #VU70801

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-42769

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8014: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Out-of-bounds read

EUVDB-ID: #VU70802

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-42773

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8001: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Out-of-bounds read

EUVDB-ID: #VU70803

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-42761

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Missing Authorization

EUVDB-ID: #VU70804

Risk: Low

CVSSv4.0: 4.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-42777

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to read and manipulate data.

The vulnerability exists due to a missing permission check within the power management service in Android. A remote attacker can trick the victim to open a specially crafted file and read and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Missing Authorization

EUVDB-ID: #VU70805

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-39102

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to crash the entire system.

The vulnerability exists due to a missing permission check within the power management service in Android. A remote attacker can trick the victim to open a specially crafted file and crash the entire system.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Missing Authorization

EUVDB-ID: #VU70806

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-39101

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to crash the entire system.

The vulnerability exists due to a missing permission check within the power management service in Android. A remote attacker can trick the victim to open a specially crafted file and crash the entire system.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Missing Authorization

EUVDB-ID: #VU70807

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-39100

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to manipulate data.

The vulnerability exists due to a missing permission check within the power management service in Android. A remote attacker can trick the victim to open a specially crafted file and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Missing Authorization

EUVDB-ID: #VU70808

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-39099

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to manipulate data.

The vulnerability exists due to a missing permission check within the power management service in Android. A remote attacker can trick the victim to open a specially crafted file and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

CPE2.3 External links

https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###