Search criteria
26 vulnerabilities found for T760/T770/T820/S8000 by Unisoc (Shanghai) Technologies Co., Ltd.
CVE-2023-52534 (GCVE-0-2023-52534)
Vulnerability from cvelistv5 – Published: 2024-04-08 02:21 – Updated: 2024-11-05 19:52
VLAI?
Summary
In ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed
Severity ?
5.9 (Medium)
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unisoc (Shanghai) Technologies Co., Ltd. | T760/T770/T820/S8000 |
Affected:
Android12/Android13/Android14
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.150Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777148475750809602"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52534",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-22T17:08:45.794143Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T19:52:32.834Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "T760/T770/T820/S8000",
"vendor": "Unisoc (Shanghai) Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Android12/Android13/Android14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed"
}
],
"providerMetadata": {
"dateUpdated": "2024-04-08T02:21:39.957Z",
"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"shortName": "Unisoc"
},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777148475750809602"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"assignerShortName": "Unisoc",
"cveId": "CVE-2023-52534",
"datePublished": "2024-04-08T02:21:39.957Z",
"dateReserved": "2024-02-26T05:56:52.679Z",
"dateUpdated": "2024-11-05T19:52:32.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52533 (GCVE-0-2023-52533)
Vulnerability from cvelistv5 – Published: 2024-04-08 02:21 – Updated: 2025-03-13 13:35
VLAI?
Summary
In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed
Severity ?
5.3 (Medium)
CWE
- CWE-475 - Undefined Behavior for Input to API
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unisoc (Shanghai) Technologies Co., Ltd. | T760/T770/T820/S8000 |
Affected:
Android12/Android13/Android14
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:20.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777148475750809602"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:unisoc:t760:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t760",
"vendor": "unisoc",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:unisoc:t770:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t770",
"vendor": "unisoc",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:unisoc:t820:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t820",
"vendor": "unisoc",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:unisoc:s8000:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "s8000",
"vendor": "unisoc",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "12"
},
{
"status": "affected",
"version": "13"
},
{
"status": "affected",
"version": "14"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52533",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-09T14:34:05.179115Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-475",
"description": "CWE-475 Undefined Behavior for Input to API",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T13:35:19.731Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "T760/T770/T820/S8000",
"vendor": "Unisoc (Shanghai) Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Android12/Android13/Android14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed"
}
],
"providerMetadata": {
"dateUpdated": "2024-04-08T02:21:39.692Z",
"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"shortName": "Unisoc"
},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777148475750809602"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"assignerShortName": "Unisoc",
"cveId": "CVE-2023-52533",
"datePublished": "2024-04-08T02:21:39.692Z",
"dateReserved": "2024-02-26T05:56:52.679Z",
"dateUpdated": "2025-03-13T13:35:19.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52343 (GCVE-0-2023-52343)
Vulnerability from cvelistv5 – Published: 2024-04-08 02:21 – Updated: 2024-11-04 16:19
VLAI?
Summary
In SecurityCommand message after as security has been actived., there is a possible improper input validation. This could lead to remote information disclosure no additional execution privileges needed
Severity ?
5.5 (Medium)
CWE
- CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unisoc (Shanghai) Technologies Co., Ltd. | T760/T770/T820/S8000 |
Affected:
Android12/Android13/Android14
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52343",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-09T14:25:18.906839Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1284",
"description": "CWE-1284 Improper Validation of Specified Quantity in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T16:19:04.655Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:55:41.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777143682512781313"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "T760/T770/T820/S8000",
"vendor": "Unisoc (Shanghai) Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Android12/Android13/Android14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In SecurityCommand message after as security has been actived., there is a possible improper input validation. This could lead to remote information disclosure no additional execution privileges needed"
}
],
"providerMetadata": {
"dateUpdated": "2024-04-08T02:21:15.217Z",
"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"shortName": "Unisoc"
},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777143682512781313"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"assignerShortName": "Unisoc",
"cveId": "CVE-2023-52343",
"datePublished": "2024-04-08T02:21:15.217Z",
"dateReserved": "2024-01-19T02:58:31.097Z",
"dateUpdated": "2024-11-04T16:19:04.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52344 (GCVE-0-2023-52344)
Vulnerability from cvelistv5 – Published: 2024-04-08 02:21 – Updated: 2024-11-08 21:12
VLAI?
Summary
In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed
Severity ?
5.3 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unisoc (Shanghai) Technologies Co., Ltd. | T760/T770/T820/S8000 |
Affected:
Android12/Android13/Android14
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52344",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-09T17:17:14.767808Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T21:12:45.190Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:55:41.681Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777143682512781313"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "T760/T770/T820/S8000",
"vendor": "Unisoc (Shanghai) Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Android12/Android13/Android14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed"
}
],
"providerMetadata": {
"dateUpdated": "2024-04-08T02:21:15.497Z",
"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"shortName": "Unisoc"
},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777143682512781313"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"assignerShortName": "Unisoc",
"cveId": "CVE-2023-52344",
"datePublished": "2024-04-08T02:21:15.497Z",
"dateReserved": "2024-01-19T02:58:31.098Z",
"dateUpdated": "2024-11-08T21:12:45.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52342 (GCVE-0-2023-52342)
Vulnerability from cvelistv5 – Published: 2024-04-08 02:21 – Updated: 2025-03-13 17:53
VLAI?
Summary
In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed
Severity ?
7.5 (High)
CWE
- CWE-248 - Uncaught Exception
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unisoc (Shanghai) Technologies Co., Ltd. | T760/T770/T820/S8000 |
Affected:
Android12/Android13/Android14
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:55:40.913Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777143682512781313"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:unisoc:t760_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t760_firmware",
"vendor": "unisoc",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:unisoc:t770_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t770_firmware",
"vendor": "unisoc",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:unisoc:t820_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t820_firmware",
"vendor": "unisoc",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:unisoc:s8000_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "s8000_firmware",
"vendor": "unisoc",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*",
"cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*",
"cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "12.0"
},
{
"status": "affected",
"version": "13.0"
},
{
"status": "affected",
"version": "14.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52342",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-26T13:20:37.691599Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248 Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T17:53:54.605Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "T760/T770/T820/S8000",
"vendor": "Unisoc (Shanghai) Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Android12/Android13/Android14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed"
}
],
"providerMetadata": {
"dateUpdated": "2024-04-08T02:21:14.949Z",
"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"shortName": "Unisoc"
},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777143682512781313"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"assignerShortName": "Unisoc",
"cveId": "CVE-2023-52342",
"datePublished": "2024-04-08T02:21:14.949Z",
"dateReserved": "2024-01-19T02:58:31.097Z",
"dateUpdated": "2025-03-13T17:53:54.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52341 (GCVE-0-2023-52341)
Vulnerability from cvelistv5 – Published: 2024-04-08 02:21 – Updated: 2024-08-02 22:55
VLAI?
Summary
In Plaintext COUNTER CHECK message accepted before AS security activation, there is a possible missing permission check. This could lead to remote information disclosure no additional execution privileges needed
Severity ?
7.5 (High)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unisoc (Shanghai) Technologies Co., Ltd. | T760/T770/T820/S8000 |
Affected:
Android11/Android12/Android13
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t760",
"vendor": "unisoc",
"versions": [
{
"status": "affected",
"version": "t760"
}
]
},
{
"cpes": [
"cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t770",
"vendor": "unisoc",
"versions": [
{
"status": "affected",
"version": "t770"
}
]
},
{
"cpes": [
"cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t820",
"vendor": "unisoc",
"versions": [
{
"status": "affected",
"version": "t820"
}
]
},
{
"cpes": [
"cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "s8000",
"vendor": "unisoc",
"versions": [
{
"status": "affected",
"version": "s8000"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52341",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-08T16:02:30.609620Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T15:55:19.395Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:55:41.648Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777143682512781313"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "T760/T770/T820/S8000",
"vendor": "Unisoc (Shanghai) Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Android11/Android12/Android13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Plaintext COUNTER CHECK message accepted before AS security activation, there is a possible missing permission check. This could lead to remote information disclosure no additional execution privileges needed"
}
],
"providerMetadata": {
"dateUpdated": "2024-04-08T02:21:14.660Z",
"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"shortName": "Unisoc"
},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777143682512781313"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"assignerShortName": "Unisoc",
"cveId": "CVE-2023-52341",
"datePublished": "2024-04-08T02:21:14.660Z",
"dateReserved": "2024-01-19T02:58:31.097Z",
"dateUpdated": "2024-08-02T22:55:41.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42720 (GCVE-0-2023-42720)
Vulnerability from cvelistv5 – Published: 2023-12-04 00:54 – Updated: 2024-08-02 19:30
VLAI?
Summary
In video service, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unisoc (Shanghai) Technologies Co., Ltd. | T760/T770/T820/S8000 |
Affected:
Android11
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:30:24.115Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "T760/T770/T820/S8000",
"vendor": "Unisoc (Shanghai) Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Android11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In video service, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed"
}
],
"providerMetadata": {
"dateUpdated": "2023-12-04T00:54:15.775Z",
"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"shortName": "Unisoc"
},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"assignerShortName": "Unisoc",
"cveId": "CVE-2023-42720",
"datePublished": "2023-12-04T00:54:15.775Z",
"dateReserved": "2023-09-13T07:40:40.035Z",
"dateUpdated": "2024-08-02T19:30:24.115Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42655 (GCVE-0-2023-42655)
Vulnerability from cvelistv5 – Published: 2023-11-01 09:08 – Updated: 2024-09-05 15:46
VLAI?
Summary
In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed
Severity ?
6.7 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unisoc (Shanghai) Technologies Co., Ltd. | T760/T770/T820/S8000 |
Affected:
Android11
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:23:40.125Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1719615756246777857"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:unisoc:t760:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t760",
"vendor": "unisoc",
"versions": [
{
"status": "affected",
"version": "Android11"
}
]
},
{
"cpes": [
"cpe:2.3:h:unisoc:t770:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t770",
"vendor": "unisoc",
"versions": [
{
"status": "affected",
"version": "Android11"
}
]
},
{
"cpes": [
"cpe:2.3:h:unisoc:t820:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t820",
"vendor": "unisoc",
"versions": [
{
"status": "affected",
"version": "Android11"
}
]
},
{
"cpes": [
"cpe:2.3:h:unisoc:s8000:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "s8000",
"vendor": "unisoc",
"versions": [
{
"status": "affected",
"version": "Android11"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-42655",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T15:15:57.501282Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T15:46:40.652Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "T760/T770/T820/S8000",
"vendor": "Unisoc (Shanghai) Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Android11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed"
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T09:08:18.345Z",
"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"shortName": "Unisoc"
},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1719615756246777857"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"assignerShortName": "Unisoc",
"cveId": "CVE-2023-42655",
"datePublished": "2023-11-01T09:08:18.345Z",
"dateReserved": "2023-09-12T08:33:30.068Z",
"dateUpdated": "2024-09-05T15:46:40.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42645 (GCVE-0-2023-42645)
Vulnerability from cvelistv5 – Published: 2023-11-01 09:08 – Updated: 2024-09-05 15:13
VLAI?
Summary
In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unisoc (Shanghai) Technologies Co., Ltd. | T760/T770/T820/S8000 |
Affected:
Android11
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:23:40.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1719615756246777857"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-42645",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T15:12:45.992213Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T15:13:33.944Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "T760/T770/T820/S8000",
"vendor": "Unisoc (Shanghai) Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Android11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed"
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T09:08:12.743Z",
"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"shortName": "Unisoc"
},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1719615756246777857"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"assignerShortName": "Unisoc",
"cveId": "CVE-2023-42645",
"datePublished": "2023-11-01T09:08:12.743Z",
"dateReserved": "2023-09-12T08:33:30.067Z",
"dateUpdated": "2024-09-05T15:13:33.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40636 (GCVE-0-2023-40636)
Vulnerability from cvelistv5 – Published: 2023-10-08 03:35 – Updated: 2024-09-19 15:12
VLAI?
Summary
In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with System execution privileges needed
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unisoc (Shanghai) Technologies Co., Ltd. | T760/T770/T820/S8000 |
Affected:
Android11
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:38:50.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40636",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T15:11:41.860037Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T15:12:21.452Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "T760/T770/T820/S8000",
"vendor": "Unisoc (Shanghai) Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Android11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with System execution privileges needed"
}
],
"providerMetadata": {
"dateUpdated": "2023-10-08T03:35:59.325Z",
"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"shortName": "Unisoc"
},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"assignerShortName": "Unisoc",
"cveId": "CVE-2023-40636",
"datePublished": "2023-10-08T03:35:59.325Z",
"dateReserved": "2023-08-18T02:28:08.631Z",
"dateUpdated": "2024-09-19T15:12:21.452Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40638 (GCVE-0-2023-40638)
Vulnerability from cvelistv5 – Published: 2023-10-08 03:35 – Updated: 2024-09-19 15:07
VLAI?
Summary
In Telecom service, there is a possible missing permission check. This could lead to local denial of service with System execution privileges needed
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unisoc (Shanghai) Technologies Co., Ltd. | T760/T770/T820/S8000 |
Affected:
Android11
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:38:51.009Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40638",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T15:07:13.812488Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T15:07:24.415Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "T760/T770/T820/S8000",
"vendor": "Unisoc (Shanghai) Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Android11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Telecom service, there is a possible missing permission check. This could lead to local denial of service with System execution privileges needed"
}
],
"providerMetadata": {
"dateUpdated": "2023-10-08T03:35:59.919Z",
"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"shortName": "Unisoc"
},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"assignerShortName": "Unisoc",
"cveId": "CVE-2023-40638",
"datePublished": "2023-10-08T03:35:59.919Z",
"dateReserved": "2023-08-18T02:28:08.631Z",
"dateUpdated": "2024-09-19T15:07:24.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33915 (GCVE-0-2023-33915)
Vulnerability from cvelistv5 – Published: 2023-09-04 01:16 – Updated: 2024-09-30 20:14
VLAI?
Summary
In LTE protocol stack, there is a possible missing permission check. This could lead to remote information disclosure no additional execution privileges needed
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unisoc (Shanghai) Technologies Co., Ltd. | T760/T770/T820/S8000 |
Affected:
Android11
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:54:13.703Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t760",
"vendor": "unisoc",
"versions": [
{
"status": "affected",
"version": "Android11"
}
]
},
{
"cpes": [
"cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t770",
"vendor": "unisoc",
"versions": [
{
"status": "affected",
"version": "Android11"
}
]
},
{
"cpes": [
"cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t820",
"vendor": "unisoc",
"versions": [
{
"status": "affected",
"version": "Android11"
}
]
},
{
"cpes": [
"cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "s8000",
"vendor": "unisoc",
"versions": [
{
"status": "affected",
"version": "Android11"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33915",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-30T20:12:31.902965Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T20:14:39.226Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "T760/T770/T820/S8000",
"vendor": "Unisoc (Shanghai) Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Android11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In LTE protocol stack, there is a possible missing permission check. This could lead to remote information disclosure no additional execution privileges needed"
}
],
"providerMetadata": {
"dateUpdated": "2023-09-04T01:16:13.120Z",
"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"shortName": "Unisoc"
},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"assignerShortName": "Unisoc",
"cveId": "CVE-2023-33915",
"datePublished": "2023-09-04T01:16:13.120Z",
"dateReserved": "2023-05-23T06:51:01.537Z",
"dateUpdated": "2024-09-30T20:14:39.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33914 (GCVE-0-2023-33914)
Vulnerability from cvelistv5 – Published: 2023-09-04 01:16 – Updated: 2024-10-01 13:04
VLAI?
Summary
In NIA0 algorithm in Security Mode Command, there is a possible missing verification incorrect input. This could lead to remote information disclosure no additional execution privileges needed
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unisoc (Shanghai) Technologies Co., Ltd. | T760/T770/T820/S8000 |
Affected:
Android13/Android11/Android12
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:54:13.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t760",
"vendor": "unisoc",
"versions": [
{
"status": "affected",
"version": "android_13"
},
{
"status": "affected",
"version": "android_11"
},
{
"status": "affected",
"version": "android_12"
}
]
},
{
"cpes": [
"cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t770",
"vendor": "unisoc",
"versions": [
{
"status": "affected",
"version": "android_13"
},
{
"status": "affected",
"version": "android_12"
},
{
"status": "affected",
"version": "android_11"
}
]
},
{
"cpes": [
"cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t820",
"vendor": "unisoc",
"versions": [
{
"status": "affected",
"version": "android_13"
},
{
"status": "affected",
"version": "android_12"
},
{
"status": "affected",
"version": "android_11"
}
]
},
{
"cpes": [
"cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "s8000",
"vendor": "unisoc",
"versions": [
{
"status": "affected",
"version": "android_13"
},
{
"status": "affected",
"version": "android_12"
},
{
"status": "affected",
"version": "android_11"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33914",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T13:01:39.424656Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T13:04:12.062Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "T760/T770/T820/S8000",
"vendor": "Unisoc (Shanghai) Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Android13/Android11/Android12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In NIA0 algorithm in Security Mode Command, there is a possible missing verification incorrect input. This could lead to remote information disclosure no additional execution privileges needed"
}
],
"providerMetadata": {
"dateUpdated": "2023-09-04T01:16:12.851Z",
"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"shortName": "Unisoc"
},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"assignerShortName": "Unisoc",
"cveId": "CVE-2023-33914",
"datePublished": "2023-09-04T01:16:12.851Z",
"dateReserved": "2023-05-23T06:51:01.537Z",
"dateUpdated": "2024-10-01T13:04:12.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52534 (GCVE-0-2023-52534)
Vulnerability from nvd – Published: 2024-04-08 02:21 – Updated: 2024-11-05 19:52
VLAI?
Summary
In ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed
Severity ?
5.9 (Medium)
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unisoc (Shanghai) Technologies Co., Ltd. | T760/T770/T820/S8000 |
Affected:
Android12/Android13/Android14
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.150Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777148475750809602"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52534",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-22T17:08:45.794143Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T19:52:32.834Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "T760/T770/T820/S8000",
"vendor": "Unisoc (Shanghai) Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Android12/Android13/Android14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed"
}
],
"providerMetadata": {
"dateUpdated": "2024-04-08T02:21:39.957Z",
"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"shortName": "Unisoc"
},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777148475750809602"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"assignerShortName": "Unisoc",
"cveId": "CVE-2023-52534",
"datePublished": "2024-04-08T02:21:39.957Z",
"dateReserved": "2024-02-26T05:56:52.679Z",
"dateUpdated": "2024-11-05T19:52:32.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52533 (GCVE-0-2023-52533)
Vulnerability from nvd – Published: 2024-04-08 02:21 – Updated: 2025-03-13 13:35
VLAI?
Summary
In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed
Severity ?
5.3 (Medium)
CWE
- CWE-475 - Undefined Behavior for Input to API
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unisoc (Shanghai) Technologies Co., Ltd. | T760/T770/T820/S8000 |
Affected:
Android12/Android13/Android14
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:20.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777148475750809602"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:unisoc:t760:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t760",
"vendor": "unisoc",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:unisoc:t770:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t770",
"vendor": "unisoc",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:unisoc:t820:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t820",
"vendor": "unisoc",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:unisoc:s8000:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "s8000",
"vendor": "unisoc",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "12"
},
{
"status": "affected",
"version": "13"
},
{
"status": "affected",
"version": "14"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52533",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-09T14:34:05.179115Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-475",
"description": "CWE-475 Undefined Behavior for Input to API",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T13:35:19.731Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "T760/T770/T820/S8000",
"vendor": "Unisoc (Shanghai) Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Android12/Android13/Android14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed"
}
],
"providerMetadata": {
"dateUpdated": "2024-04-08T02:21:39.692Z",
"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"shortName": "Unisoc"
},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777148475750809602"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"assignerShortName": "Unisoc",
"cveId": "CVE-2023-52533",
"datePublished": "2024-04-08T02:21:39.692Z",
"dateReserved": "2024-02-26T05:56:52.679Z",
"dateUpdated": "2025-03-13T13:35:19.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52343 (GCVE-0-2023-52343)
Vulnerability from nvd – Published: 2024-04-08 02:21 – Updated: 2024-11-04 16:19
VLAI?
Summary
In SecurityCommand message after as security has been actived., there is a possible improper input validation. This could lead to remote information disclosure no additional execution privileges needed
Severity ?
5.5 (Medium)
CWE
- CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unisoc (Shanghai) Technologies Co., Ltd. | T760/T770/T820/S8000 |
Affected:
Android12/Android13/Android14
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52343",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-09T14:25:18.906839Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1284",
"description": "CWE-1284 Improper Validation of Specified Quantity in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T16:19:04.655Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:55:41.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777143682512781313"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "T760/T770/T820/S8000",
"vendor": "Unisoc (Shanghai) Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Android12/Android13/Android14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In SecurityCommand message after as security has been actived., there is a possible improper input validation. This could lead to remote information disclosure no additional execution privileges needed"
}
],
"providerMetadata": {
"dateUpdated": "2024-04-08T02:21:15.217Z",
"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"shortName": "Unisoc"
},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777143682512781313"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"assignerShortName": "Unisoc",
"cveId": "CVE-2023-52343",
"datePublished": "2024-04-08T02:21:15.217Z",
"dateReserved": "2024-01-19T02:58:31.097Z",
"dateUpdated": "2024-11-04T16:19:04.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52344 (GCVE-0-2023-52344)
Vulnerability from nvd – Published: 2024-04-08 02:21 – Updated: 2024-11-08 21:12
VLAI?
Summary
In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed
Severity ?
5.3 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unisoc (Shanghai) Technologies Co., Ltd. | T760/T770/T820/S8000 |
Affected:
Android12/Android13/Android14
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52344",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-09T17:17:14.767808Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T21:12:45.190Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:55:41.681Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777143682512781313"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "T760/T770/T820/S8000",
"vendor": "Unisoc (Shanghai) Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Android12/Android13/Android14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed"
}
],
"providerMetadata": {
"dateUpdated": "2024-04-08T02:21:15.497Z",
"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"shortName": "Unisoc"
},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777143682512781313"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"assignerShortName": "Unisoc",
"cveId": "CVE-2023-52344",
"datePublished": "2024-04-08T02:21:15.497Z",
"dateReserved": "2024-01-19T02:58:31.098Z",
"dateUpdated": "2024-11-08T21:12:45.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52342 (GCVE-0-2023-52342)
Vulnerability from nvd – Published: 2024-04-08 02:21 – Updated: 2025-03-13 17:53
VLAI?
Summary
In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed
Severity ?
7.5 (High)
CWE
- CWE-248 - Uncaught Exception
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unisoc (Shanghai) Technologies Co., Ltd. | T760/T770/T820/S8000 |
Affected:
Android12/Android13/Android14
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:55:40.913Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777143682512781313"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:unisoc:t760_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t760_firmware",
"vendor": "unisoc",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:unisoc:t770_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t770_firmware",
"vendor": "unisoc",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:unisoc:t820_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t820_firmware",
"vendor": "unisoc",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:unisoc:s8000_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "s8000_firmware",
"vendor": "unisoc",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*",
"cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*",
"cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "12.0"
},
{
"status": "affected",
"version": "13.0"
},
{
"status": "affected",
"version": "14.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52342",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-26T13:20:37.691599Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248 Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T17:53:54.605Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "T760/T770/T820/S8000",
"vendor": "Unisoc (Shanghai) Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Android12/Android13/Android14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed"
}
],
"providerMetadata": {
"dateUpdated": "2024-04-08T02:21:14.949Z",
"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"shortName": "Unisoc"
},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777143682512781313"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"assignerShortName": "Unisoc",
"cveId": "CVE-2023-52342",
"datePublished": "2024-04-08T02:21:14.949Z",
"dateReserved": "2024-01-19T02:58:31.097Z",
"dateUpdated": "2025-03-13T17:53:54.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52341 (GCVE-0-2023-52341)
Vulnerability from nvd – Published: 2024-04-08 02:21 – Updated: 2024-08-02 22:55
VLAI?
Summary
In Plaintext COUNTER CHECK message accepted before AS security activation, there is a possible missing permission check. This could lead to remote information disclosure no additional execution privileges needed
Severity ?
7.5 (High)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unisoc (Shanghai) Technologies Co., Ltd. | T760/T770/T820/S8000 |
Affected:
Android11/Android12/Android13
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t760",
"vendor": "unisoc",
"versions": [
{
"status": "affected",
"version": "t760"
}
]
},
{
"cpes": [
"cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t770",
"vendor": "unisoc",
"versions": [
{
"status": "affected",
"version": "t770"
}
]
},
{
"cpes": [
"cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t820",
"vendor": "unisoc",
"versions": [
{
"status": "affected",
"version": "t820"
}
]
},
{
"cpes": [
"cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "s8000",
"vendor": "unisoc",
"versions": [
{
"status": "affected",
"version": "s8000"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52341",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-08T16:02:30.609620Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T15:55:19.395Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:55:41.648Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777143682512781313"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "T760/T770/T820/S8000",
"vendor": "Unisoc (Shanghai) Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Android11/Android12/Android13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Plaintext COUNTER CHECK message accepted before AS security activation, there is a possible missing permission check. This could lead to remote information disclosure no additional execution privileges needed"
}
],
"providerMetadata": {
"dateUpdated": "2024-04-08T02:21:14.660Z",
"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"shortName": "Unisoc"
},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777143682512781313"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"assignerShortName": "Unisoc",
"cveId": "CVE-2023-52341",
"datePublished": "2024-04-08T02:21:14.660Z",
"dateReserved": "2024-01-19T02:58:31.097Z",
"dateUpdated": "2024-08-02T22:55:41.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42720 (GCVE-0-2023-42720)
Vulnerability from nvd – Published: 2023-12-04 00:54 – Updated: 2024-08-02 19:30
VLAI?
Summary
In video service, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unisoc (Shanghai) Technologies Co., Ltd. | T760/T770/T820/S8000 |
Affected:
Android11
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:30:24.115Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "T760/T770/T820/S8000",
"vendor": "Unisoc (Shanghai) Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Android11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In video service, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed"
}
],
"providerMetadata": {
"dateUpdated": "2023-12-04T00:54:15.775Z",
"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"shortName": "Unisoc"
},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"assignerShortName": "Unisoc",
"cveId": "CVE-2023-42720",
"datePublished": "2023-12-04T00:54:15.775Z",
"dateReserved": "2023-09-13T07:40:40.035Z",
"dateUpdated": "2024-08-02T19:30:24.115Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42655 (GCVE-0-2023-42655)
Vulnerability from nvd – Published: 2023-11-01 09:08 – Updated: 2024-09-05 15:46
VLAI?
Summary
In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed
Severity ?
6.7 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unisoc (Shanghai) Technologies Co., Ltd. | T760/T770/T820/S8000 |
Affected:
Android11
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:23:40.125Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1719615756246777857"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:unisoc:t760:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t760",
"vendor": "unisoc",
"versions": [
{
"status": "affected",
"version": "Android11"
}
]
},
{
"cpes": [
"cpe:2.3:h:unisoc:t770:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t770",
"vendor": "unisoc",
"versions": [
{
"status": "affected",
"version": "Android11"
}
]
},
{
"cpes": [
"cpe:2.3:h:unisoc:t820:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t820",
"vendor": "unisoc",
"versions": [
{
"status": "affected",
"version": "Android11"
}
]
},
{
"cpes": [
"cpe:2.3:h:unisoc:s8000:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "s8000",
"vendor": "unisoc",
"versions": [
{
"status": "affected",
"version": "Android11"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-42655",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T15:15:57.501282Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T15:46:40.652Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "T760/T770/T820/S8000",
"vendor": "Unisoc (Shanghai) Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Android11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed"
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T09:08:18.345Z",
"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"shortName": "Unisoc"
},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1719615756246777857"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"assignerShortName": "Unisoc",
"cveId": "CVE-2023-42655",
"datePublished": "2023-11-01T09:08:18.345Z",
"dateReserved": "2023-09-12T08:33:30.068Z",
"dateUpdated": "2024-09-05T15:46:40.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42645 (GCVE-0-2023-42645)
Vulnerability from nvd – Published: 2023-11-01 09:08 – Updated: 2024-09-05 15:13
VLAI?
Summary
In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unisoc (Shanghai) Technologies Co., Ltd. | T760/T770/T820/S8000 |
Affected:
Android11
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:23:40.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1719615756246777857"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-42645",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T15:12:45.992213Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T15:13:33.944Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "T760/T770/T820/S8000",
"vendor": "Unisoc (Shanghai) Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Android11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed"
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T09:08:12.743Z",
"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"shortName": "Unisoc"
},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1719615756246777857"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"assignerShortName": "Unisoc",
"cveId": "CVE-2023-42645",
"datePublished": "2023-11-01T09:08:12.743Z",
"dateReserved": "2023-09-12T08:33:30.067Z",
"dateUpdated": "2024-09-05T15:13:33.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40636 (GCVE-0-2023-40636)
Vulnerability from nvd – Published: 2023-10-08 03:35 – Updated: 2024-09-19 15:12
VLAI?
Summary
In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with System execution privileges needed
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unisoc (Shanghai) Technologies Co., Ltd. | T760/T770/T820/S8000 |
Affected:
Android11
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:38:50.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40636",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T15:11:41.860037Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T15:12:21.452Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "T760/T770/T820/S8000",
"vendor": "Unisoc (Shanghai) Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Android11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with System execution privileges needed"
}
],
"providerMetadata": {
"dateUpdated": "2023-10-08T03:35:59.325Z",
"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"shortName": "Unisoc"
},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"assignerShortName": "Unisoc",
"cveId": "CVE-2023-40636",
"datePublished": "2023-10-08T03:35:59.325Z",
"dateReserved": "2023-08-18T02:28:08.631Z",
"dateUpdated": "2024-09-19T15:12:21.452Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40638 (GCVE-0-2023-40638)
Vulnerability from nvd – Published: 2023-10-08 03:35 – Updated: 2024-09-19 15:07
VLAI?
Summary
In Telecom service, there is a possible missing permission check. This could lead to local denial of service with System execution privileges needed
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unisoc (Shanghai) Technologies Co., Ltd. | T760/T770/T820/S8000 |
Affected:
Android11
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:38:51.009Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40638",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T15:07:13.812488Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T15:07:24.415Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "T760/T770/T820/S8000",
"vendor": "Unisoc (Shanghai) Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Android11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Telecom service, there is a possible missing permission check. This could lead to local denial of service with System execution privileges needed"
}
],
"providerMetadata": {
"dateUpdated": "2023-10-08T03:35:59.919Z",
"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"shortName": "Unisoc"
},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"assignerShortName": "Unisoc",
"cveId": "CVE-2023-40638",
"datePublished": "2023-10-08T03:35:59.919Z",
"dateReserved": "2023-08-18T02:28:08.631Z",
"dateUpdated": "2024-09-19T15:07:24.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33915 (GCVE-0-2023-33915)
Vulnerability from nvd – Published: 2023-09-04 01:16 – Updated: 2024-09-30 20:14
VLAI?
Summary
In LTE protocol stack, there is a possible missing permission check. This could lead to remote information disclosure no additional execution privileges needed
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unisoc (Shanghai) Technologies Co., Ltd. | T760/T770/T820/S8000 |
Affected:
Android11
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:54:13.703Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t760",
"vendor": "unisoc",
"versions": [
{
"status": "affected",
"version": "Android11"
}
]
},
{
"cpes": [
"cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t770",
"vendor": "unisoc",
"versions": [
{
"status": "affected",
"version": "Android11"
}
]
},
{
"cpes": [
"cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t820",
"vendor": "unisoc",
"versions": [
{
"status": "affected",
"version": "Android11"
}
]
},
{
"cpes": [
"cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "s8000",
"vendor": "unisoc",
"versions": [
{
"status": "affected",
"version": "Android11"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33915",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-30T20:12:31.902965Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T20:14:39.226Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "T760/T770/T820/S8000",
"vendor": "Unisoc (Shanghai) Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Android11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In LTE protocol stack, there is a possible missing permission check. This could lead to remote information disclosure no additional execution privileges needed"
}
],
"providerMetadata": {
"dateUpdated": "2023-09-04T01:16:13.120Z",
"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"shortName": "Unisoc"
},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"assignerShortName": "Unisoc",
"cveId": "CVE-2023-33915",
"datePublished": "2023-09-04T01:16:13.120Z",
"dateReserved": "2023-05-23T06:51:01.537Z",
"dateUpdated": "2024-09-30T20:14:39.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33914 (GCVE-0-2023-33914)
Vulnerability from nvd – Published: 2023-09-04 01:16 – Updated: 2024-10-01 13:04
VLAI?
Summary
In NIA0 algorithm in Security Mode Command, there is a possible missing verification incorrect input. This could lead to remote information disclosure no additional execution privileges needed
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unisoc (Shanghai) Technologies Co., Ltd. | T760/T770/T820/S8000 |
Affected:
Android13/Android11/Android12
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:54:13.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t760",
"vendor": "unisoc",
"versions": [
{
"status": "affected",
"version": "android_13"
},
{
"status": "affected",
"version": "android_11"
},
{
"status": "affected",
"version": "android_12"
}
]
},
{
"cpes": [
"cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t770",
"vendor": "unisoc",
"versions": [
{
"status": "affected",
"version": "android_13"
},
{
"status": "affected",
"version": "android_12"
},
{
"status": "affected",
"version": "android_11"
}
]
},
{
"cpes": [
"cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t820",
"vendor": "unisoc",
"versions": [
{
"status": "affected",
"version": "android_13"
},
{
"status": "affected",
"version": "android_12"
},
{
"status": "affected",
"version": "android_11"
}
]
},
{
"cpes": [
"cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "s8000",
"vendor": "unisoc",
"versions": [
{
"status": "affected",
"version": "android_13"
},
{
"status": "affected",
"version": "android_12"
},
{
"status": "affected",
"version": "android_11"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33914",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T13:01:39.424656Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T13:04:12.062Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "T760/T770/T820/S8000",
"vendor": "Unisoc (Shanghai) Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Android13/Android11/Android12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In NIA0 algorithm in Security Mode Command, there is a possible missing verification incorrect input. This could lead to remote information disclosure no additional execution privileges needed"
}
],
"providerMetadata": {
"dateUpdated": "2023-09-04T01:16:12.851Z",
"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"shortName": "Unisoc"
},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"assignerShortName": "Unisoc",
"cveId": "CVE-2023-33914",
"datePublished": "2023-09-04T01:16:12.851Z",
"dateReserved": "2023-05-23T06:51:01.537Z",
"dateUpdated": "2024-10-01T13:04:12.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}