Details of VAR-202106-2305

ID

VAR-202106-2305

TITLE

OPPO Find x has an information disclosure vulnerability

Trust: 0.6

sources: CNVD: CNVD-2021-40721

DESCRIPTION

OPPO Find x is a smartphone launched by OPPO Guangdong Mobile Communications Co., Ltd. OPPO Find x has an information disclosure vulnerability. An attacker can use a malicious APP to only need to apply for the read permission of commonly used external storage space, and then the content of the user's call can be monitored through the exposed component.

Trust: 0.6

sources: CNVD: CNVD-2021-40721

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-40721

AFFECTED PRODUCTS

vendor:

oppo guangdong mobile

model:

find coloros

scope:

version:

xv6.0.1

Trust: 0.6

sources: CNVD: CNVD-2021-40721

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2021-40721
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2021-40721
severity:	MEDIUM
baseScore:	6.6
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2021-40721

PATCH

title:

Patch for OPPO Find x has an information disclosure vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/272591

Trust: 0.6

sources: CNVD: CNVD-2021-40721

EXTERNAL IDS

db:

CNVD

id:

CNVD-2021-40721

Trust: 0.6

sources: CNVD: CNVD-2021-40721

SOURCES

db:

CNVD

id:

CNVD-2021-40721

LAST UPDATE DATE

2022-05-04T10:10:34.974000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2021-40721

date:

2021-06-13T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2021-40721

date:

2021-06-25T00:00:00