CVE-2020-5571 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2020-5571?

CVE-2020-5571 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-5571?

Check the references section above for vendor advisories and patch information. Affected products include: Sharp Aquos Sh-M02 Firmware, Sharp Aquos Sh-M02, Sharp Aquos Sh-Rm02 Firmware, Sharp Aquos Sh-Rm02, Sharp Aquos Mini Sh-M03 Firmware.

Vulnerability Description

SHARP AQUOS series (AQUOS SH-M02 build number 01.00.05 and earlier, AQUOS SH-RM02 build number 01.00.04 and earlier, AQUOS mini SH-M03 build number 01.00.04 and earlier, AQUOS Keitai SH-N01 build number 01.00.01 and earlier, AQUOS L2 (UQ mobile/J:COM) build number 01.00.05 and earlier, AQUOS sense lite SH-M05 build number 03.00.04 and earlier, AQUOS sense (UQ mobile) build number 03.00.03 and earlier, AQUOS compact SH-M06 build number 02.00.02 and earlier, AQUOS sense plus SH-M07 build number 02.00.02 and earlier, AQUOS sense2 SH-M08 build number 02.00.05 and earlier, and AQUOS sense2 (UQ mobile) build number 02.00.06 and earlier) allow an attacker to obtain the sensitive information of the device via malicious applications installed on the device.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Sharp	Aquos Sh-M02 Firmware	<= 01.00.05
Sharp	Aquos Sh-M02	-
Sharp	Aquos Sh-Rm02 Firmware	<= 01.00.04
Sharp	Aquos Sh-Rm02	-
Sharp	Aquos Mini Sh-M03 Firmware	<= 01.00.04
Sharp	Aquos Mini Sh-M03	-
Sharp	Aquos L2 Firmware	<= 01.00.05
Sharp	Aquos L2	-
Sharp	Aquos Sense Lite Sh-M05 Firmware	<= 03.00.04
Sharp	Aquos Sense Lite Sh-M05	-
Sharp	Aquos Sense Firmware	<= 03.00.03
Sharp	Aquos Sense	-
Sharp	Aquos Compact Sh-M06 Firmware	<= 02.00.02
Sharp	Aquos Compact Sh-M06	-
Sharp	Aquos Sense Plus Sh-M07 Firmware	<= 0.2.00.02
Sharp	Aquos Sense Plus Sh-M07	-
Sharp	Aquos Sense2 Sh-M08 Firmware	<= 02.00.05
Sharp	Aquos Sense2 Sh-M08	-
Sharp	Aquos Sense2 Firmware	<= 02.00.06
Sharp	Aquos Sense2	-

Related Weaknesses (CWE)

CWE-200

References

https://jvn.jp/en/jp/JVN93064451/index.htmlThird Party Advisory
https://k-tai.sharp.co.jp/support/info/info036.htmlThird Party Advisory
https://jvn.jp/en/jp/JVN93064451/index.htmlThird Party Advisory
https://k-tai.sharp.co.jp/support/info/info036.htmlThird Party Advisory

FAQ

What is CVE-2020-5571?

CVE-2020-5571 is a vulnerability with a CVSS score of 7.5 (HIGH). SHARP AQUOS series (AQUOS SH-M02 build number 01.00.05 and earlier, AQUOS SH-RM02 build number 01.00.04 and earlier, AQUOS mini SH-M03 build number 01.00.04 and earlier, AQUOS Keitai SH-N01 build numb...

How severe is CVE-2020-5571?

CVE-2020-5571 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-5571?

Check the references section above for vendor advisories and patch information. Affected products include: Sharp Aquos Sh-M02 Firmware, Sharp Aquos Sh-M02, Sharp Aquos Sh-Rm02 Firmware, Sharp Aquos Sh-Rm02, Sharp Aquos Mini Sh-M03 Firmware.