1. Home
  2. CVE Database
  3. CVE-2021-41849
MEDIUM · 5.5

CVE-2021-41849

An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It sends the following Personally Identifiable Information (PII) in plaintext using HTTP to servers located in China: user's list of ...

Vulnerability Description

An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It sends the following Personally Identifiable Information (PII) in plaintext using HTTP to servers located in China: user's list of installed apps and device International Mobile Equipment Identity (IMEI). This PII is transmitted to log.skyroam.com.cn using HTTP, independent of whether the user uses the Simo software.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
BluproductsG90 Firmware-
BluproductsG90-
BluproductsG9 Firmware-
BluproductsG9-
WikomobileTommy 3 Firmware-
WikomobileTommy 3-
WikomobileTommy 3 Plus Firmware-
WikomobileTommy 3 Plus-
LunaSimo Firmware-
LunaSimo-

Related Weaknesses (CWE)

CWE-319CWE-200

References

FAQ

What is CVE-2021-41849?

CVE-2021-41849 is a vulnerability with a CVSS score of 5.5 (MEDIUM). An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It sends the following Personally Identifiable Information (PII) in plaintext using HTTP to servers located in China: user's list of ...

How severe is CVE-2021-41849?

CVE-2021-41849 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-41849?

Check the references section above for vendor advisories and patch information. Affected products include: Bluproducts G90 Firmware, Bluproducts G90, Bluproducts G9 Firmware, Bluproducts G9, Wikomobile Tommy 3 Firmware.