PT-2022-11500 · Luna Simo · Luna Simo

Published: 2022-03-11 · Updated: 2023-08-08 · CVE-2021-41849

CVSS v2.0: 2.1 (Low)

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Luna Simo PPR1.180610.011/202001031830

Description: An issue was discovered in Luna Simo where it sends Personally Identifiable Information (PII) in plaintext using HTTP to servers located in China. The PII includes the user's list of installed apps and device International Mobile Equipment Identity (IMEI). This information is transmitted to "log.skyroam.com.cn" using HTTP, regardless of whether the user is using the Simo software.

Recommendations: For Luna Simo PPR1.180610.011/202001031830, consider restricting access to the log.skyroam.com.cn endpoint until a secure communication method is implemented. As a temporary workaround, avoid using the Simo software until a patch is available that addresses the transmission of PII in plaintext.

Information Disclosure

Cleartext Transmission of Sensitive Information

Weakness Enumeration

Related Identifiers: CVE-2021-41849

Affected Products: Luna Simo