Multiple vulnerabilities in Unisoc chipsets
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 24 |
| CVE-ID | CVE-2022-47484 CVE-2022-47459 CVE-2022-47462 CVE-2022-47461 CVE-2022-47460 CVE-2022-47458 CVE-2022-47457 CVE-2022-47456 CVE-2022-47455 CVE-2022-47454 CVE-2022-47453 CVE-2022-47483 CVE-2022-47472 CVE-2022-47482 CVE-2022-47481 CVE-2022-47480 CVE-2022-47479 CVE-2022-47478 CVE-2022-47477 CVE-2022-47476 CVE-2022-47475 CVE-2022-47474 CVE-2022-47471 CVE-2022-47473 |
| CWE-ID | CWE-862 CWE-787 CWE-200 CWE-416 CWE-125 CWE-126 CWE-190 CWE-119 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
SC9863A Mobile applications / Mobile firmware & hardware SC9832E Mobile applications / Mobile firmware & hardware SC7731E Mobile applications / Mobile firmware & hardware T610 Mobile applications / Mobile firmware & hardware T310 Mobile applications / Mobile firmware & hardware T606 Mobile applications / Mobile firmware & hardware T760 Mobile applications / Mobile firmware & hardware T618 Mobile applications / Mobile firmware & hardware T612 Mobile applications / Mobile firmware & hardware T616 Mobile applications / Mobile firmware & hardware T770 Mobile applications / Mobile firmware & hardware T820 Mobile applications / Mobile firmware & hardware S8000 Mobile applications / Mobile firmware & hardware |
| Vendor | UNISOC |
Security Bulletin
This security bulletin contains information about 24 vulnerabilities.
1) Missing Authorization
EUVDB-ID: #VU72823
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-47484
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to manipulate data.
The vulnerability exists due to a missing permission check within the telephone service in Android. A local application can manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
CPE2.3- cpe:2.3:a:unisoc:sc9863a:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9832e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc7731e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t610:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t310:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t606:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t760:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t618:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t612:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t616:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t770:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t820:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:s8000:*:*:*:*:*:*:*:*
https://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds write
EUVDB-ID: #VU72833
Risk: Low
CVSSv4.0: 4.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-47459
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local application to read, manipulate or delete data.
The vulnerability exists due to a possible missing params check within the wlan driver in Kerenl. A local application can read, manipulate or delete data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
CPE2.3- cpe:2.3:a:unisoc:sc9863a:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9832e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc7731e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t610:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t310:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t606:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t760:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t618:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t612:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t616:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t770:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t820:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:s8000:*:*:*:*:*:*:*:*
https://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Missing Authorization
EUVDB-ID: #VU72832
Risk: High
CVSSv4.0: 2.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-47462
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to a missing permission check within the telephone service in Android. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
CPE2.3- cpe:2.3:a:unisoc:sc9863a:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9832e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc7731e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t610:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t310:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t606:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t760:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t618:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t612:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t616:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t770:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t820:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:s8000:*:*:*:*:*:*:*:*
https://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Information Exposure
EUVDB-ID: #VU72831
Risk: Low
CVSSv4.0: 4.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-47461
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a missing permission check within the telephone service in Android. A local application can read and manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
CPE2.3- cpe:2.3:a:unisoc:sc9863a:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9832e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc7731e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t610:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t310:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t606:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t760:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t618:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t612:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t616:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t770:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t820:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:s8000:*:*:*:*:*:*:*:*
https://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use After Free
EUVDB-ID: #VU72830
Risk: Low
CVSSv4.0: 4.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-47460
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local application to damange or delete data.
The vulnerability exists due to a memory corruption due to a use after free within the gpu device in Kerenl. A local application can damange or delete data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
CPE2.3- cpe:2.3:a:unisoc:sc9863a:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9832e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc7731e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t610:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t310:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t606:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t760:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t618:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t612:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t616:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t770:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t820:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:s8000:*:*:*:*:*:*:*:*
https://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Out-of-bounds read
EUVDB-ID: #VU72829
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-47458
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a possible missing params check within the fm driver in Kerenl. A local application can read and manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
CPE2.3- cpe:2.3:a:unisoc:sc9863a:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9832e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc7731e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t610:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t310:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t606:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t760:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t618:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t612:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t616:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t770:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t820:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:s8000:*:*:*:*:*:*:*:*
https://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Out-of-bounds write
EUVDB-ID: #VU72828
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-47457
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a possible missing params check within the fm driver in Kerenl. A local application can read and manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
CPE2.3- cpe:2.3:a:unisoc:sc9863a:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9832e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc7731e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t610:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t310:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t606:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t760:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t618:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t612:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t616:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t770:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t820:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:s8000:*:*:*:*:*:*:*:*
https://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Buffer over-read
EUVDB-ID: #VU72827
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-47456
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a possible missing params check within the wlan driver in Kerenl. A local application can perform a denial of service (DoS) attack.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
CPE2.3- cpe:2.3:a:unisoc:sc9863a:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9832e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc7731e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t610:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t310:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t606:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t760:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t618:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t612:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t616:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t770:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t820:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:s8000:*:*:*:*:*:*:*:*
https://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Buffer over-read
EUVDB-ID: #VU72826
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-47455
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a possible missing params check within the wlan driver in Kerenl. A local application can perform a denial of service (DoS) attack.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
CPE2.3- cpe:2.3:a:unisoc:sc9863a:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9832e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc7731e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t610:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t310:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t606:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t760:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t618:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t612:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t616:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t770:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t820:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:s8000:*:*:*:*:*:*:*:*
https://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Integer overflow
EUVDB-ID: #VU72825
Risk: Low
CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-47454
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to read and manipulate data.
The vulnerability exists due to a possible missing params check within the wlan driver in Kerenl. A local privileged application can read and manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
CPE2.3- cpe:2.3:a:unisoc:sc9863a:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9832e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc7731e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t610:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t310:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t606:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t760:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t618:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t612:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t616:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t770:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t820:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:s8000:*:*:*:*:*:*:*:*
https://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Memory corruption
EUVDB-ID: #VU72824
Risk: Low
CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-47453
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to read and manipulate data.
The vulnerability exists due to a possible missing params check within the wcn service in Kerenl. A local privileged application can read and manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
CPE2.3- cpe:2.3:a:unisoc:sc9863a:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9832e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc7731e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t610:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t310:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t606:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t760:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t618:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t612:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t616:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t770:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t820:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:s8000:*:*:*:*:*:*:*:*
https://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Missing Authorization
EUVDB-ID: #VU72822
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-47483
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a missing permission check within the telephone service in Android. A local application can read and manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
CPE2.3- cpe:2.3:a:unisoc:sc9863a:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9832e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc7731e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t610:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t310:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t606:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t760:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t618:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t612:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t616:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t770:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t820:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:s8000:*:*:*:*:*:*:*:*
https://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Information Exposure
EUVDB-ID: #VU72810
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-47472
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a missing permission check within the setting service in Android. A local application can read and manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
CPE2.3- cpe:2.3:a:unisoc:sc9863a:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9832e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc7731e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t610:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t310:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t606:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t760:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t618:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t612:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t616:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t770:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t820:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:s8000:*:*:*:*:*:*:*:*
https://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Missing Authorization
EUVDB-ID: #VU72821
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-47482
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a missing permission check within the telephone service in Android. A local application can read and manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
CPE2.3- cpe:2.3:a:unisoc:sc9863a:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9832e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc7731e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t610:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t310:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t606:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t760:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t618:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t612:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t616:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t770:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t820:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:s8000:*:*:*:*:*:*:*:*
https://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Missing Authorization
EUVDB-ID: #VU72820
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-47481
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a missing permission check within the telephone service in Android. A local application can read and manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
CPE2.3- cpe:2.3:a:unisoc:sc9863a:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9832e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc7731e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t610:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t310:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t606:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t760:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t618:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t612:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t616:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t770:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t820:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:s8000:*:*:*:*:*:*:*:*
https://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Missing Authorization
EUVDB-ID: #VU72819
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-47480
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a missing permission check within the telephone service in Android. A local application can read and manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
CPE2.3- cpe:2.3:a:unisoc:sc9863a:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9832e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc7731e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t610:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t310:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t606:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t760:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t618:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t612:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t616:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t770:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t820:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:s8000:*:*:*:*:*:*:*:*
https://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Information Exposure
EUVDB-ID: #VU72818
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-47479
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a missing permission check within the telephone service in Android. A local application can read and manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
CPE2.3- cpe:2.3:a:unisoc:sc9863a:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9832e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc7731e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t610:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t310:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t606:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t760:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t618:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t612:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t616:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t770:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t820:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:s8000:*:*:*:*:*:*:*:*
https://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Information Exposure
EUVDB-ID: #VU72817
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-47478
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a missing permission check within the telephone service in Android. A local application can read and manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
CPE2.3- cpe:2.3:a:unisoc:sc9863a:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9832e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc7731e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t610:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t310:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t606:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t760:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t618:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t612:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t616:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t770:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t820:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:s8000:*:*:*:*:*:*:*:*
https://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Information Exposure
EUVDB-ID: #VU72816
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-47477
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a missing permission check within the telephone service in Android. A local application can read and manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
CPE2.3- cpe:2.3:a:unisoc:sc9863a:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9832e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc7731e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t610:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t310:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t606:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t760:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t618:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t612:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t616:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t770:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t820:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:s8000:*:*:*:*:*:*:*:*
https://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Information Exposure
EUVDB-ID: #VU72815
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-47476
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a missing permission check within the telephone service in Android. A local application can read and manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
CPE2.3- cpe:2.3:a:unisoc:sc9863a:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9832e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc7731e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t610:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t310:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t606:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t760:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t618:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t612:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t616:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t770:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t820:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:s8000:*:*:*:*:*:*:*:*
https://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Information Exposure
EUVDB-ID: #VU72814
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-47475
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a missing permission check within the telephone service in Android. A local application can read and manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
CPE2.3- cpe:2.3:a:unisoc:sc9863a:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9832e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc7731e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t610:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t310:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t606:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t760:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t618:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t612:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t616:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t770:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t820:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:s8000:*:*:*:*:*:*:*:*
https://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Information Exposure
EUVDB-ID: #VU72813
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-47474
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a missing permission check within the telephone service in Android. A local application can read and manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
CPE2.3- cpe:2.3:a:unisoc:sc9863a:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9832e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc7731e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t610:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t310:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t606:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t760:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t618:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t612:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t616:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t770:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t820:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:s8000:*:*:*:*:*:*:*:*
https://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Information Exposure
EUVDB-ID: #VU72812
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-47471
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a missing permission check within the telephone service in Android. A local application can read and manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
CPE2.3- cpe:2.3:a:unisoc:sc9863a:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9832e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc7731e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t610:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t310:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t606:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t760:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t618:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t612:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t616:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t770:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t820:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:s8000:*:*:*:*:*:*:*:*
https://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Information Exposure
EUVDB-ID: #VU72811
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-47473
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a missing permission check within the telephone service in Android. A local application can read and manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
CPE2.3- cpe:2.3:a:unisoc:sc9863a:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9832e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc7731e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t610:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t310:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t606:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t760:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t618:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t612:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t616:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t770:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t820:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:s8000:*:*:*:*:*:*:*:*
https://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
