CVE-2021-20693
📋 TL;DR
This vulnerability allows remote attackers to redirect users to arbitrary websites through the Gurunavi mobile app. Attackers can trick users into visiting malicious sites by exploiting improper access controls in the app's webview handling. Users of Gurunavi App for Android version 10.0.10 and earlier or iOS version 11.1.2 and earlier are affected.
💻 Affected Systems
- Gurunavi App
📦 What is this software?
Gurunavi by Gurunavi
Gurunavi by Gurunavi
⚠️ Risk & Real-World Impact
Worst Case
Users could be redirected to phishing sites that steal credentials, financial information, or deliver malware, potentially leading to account compromise, financial loss, or device infection.
Likely Case
Attackers create malicious links that, when clicked within the app, redirect users to phishing pages or scam websites designed to harvest personal information.
If Mitigated
With proper URL validation and webview security controls, users would only be able to access trusted, whitelisted domains through the app.
🎯 Exploit Status
Exploitation requires user interaction (clicking a malicious link) but no authentication. The vulnerability is simple to exploit once a malicious link is crafted.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Android: versions after 10.0.10, iOS: versions after 11.1.2
Vendor Advisory: https://jvn.jp/en/jp/JVN54025691/index.html
Restart Required: Yes
Instructions:
1. Open Google Play Store (Android) or App Store (iOS). 2. Search for 'Gurunavi'. 3. If an update is available, tap 'Update'. 4. Restart the app after installation completes.
🔧 Temporary Workarounds
Disable app or use web version
allUninstall the vulnerable app and use the Gurunavi website instead through a secure browser.
Avoid clicking links within the app
allDo not click on any external links while using the Gurunavi app until it is updated.
🧯 If You Can't Patch
- Uninstall the Gurunavi app and use alternative restaurant guide applications
- Configure mobile device management (MDM) to block the vulnerable app versions if used in enterprise environments
🔍 How to Verify
Check if Vulnerable:
Check app version in device settings: Android: Settings > Apps > Gurunavi > App info; iOS: Settings > General > iPhone Storage > GurunaviCheck Version:
Not applicable - check through device settings as described aboveVerify Fix Applied:
Verify app version is newer than affected versions: Android > 10.0.10, iOS > 11.1.2📡 Detection & Monitoring
Log Indicators:
- Unusual URL redirect patterns in app logs
- Multiple failed webview load attempts to suspicious domains
Network Indicators:
- HTTP redirects from Gurunavi app to unexpected domains
- Connections to known malicious domains originating from the app
SIEM Query:
source="mobile_device" app="Gurunavi" (url_contains="redirect" OR url_contains="http://" OR url_contains="https://") destination_domain NOT IN ("gurunavi.com", "trusted-domain.com")