CVE-2021-41850

Name of the Vulnerable Software and Affected Versions Luna Simo PPR1.180610.011/202001031830

Description An issue was discovered where a pre-installed app with a package name of com.skyroam.silverhelper writes three IMEI values to system properties at system startup. The system property values can be obtained via getprop by all third-party applications co-located on the device, even those with no permissions granted, exposing the IMEI values to processes without enforcing any access control.

Recommendations As a temporary workaround, consider restricting access to the getprop command to minimize the risk of exploitation. Avoid using the com.skyroam.silverhelper app until the issue is resolved. Restrict the ability of third-party applications to access system properties to prevent unauthorized access to IMEI values.