CVE-2021-41850 – This vulnerability allows any third-party app o... (How to Fix)

Q: What is the severity of CVE-2021-41850?

CVE-2021-41850 has a CVSS score of 7.8 (HIGH). This vulnerability allows any third-party app on affected Luna Simo devices to read the device's IMEI values without requiring any permissions. The IMEI data is written to system properties at startup by a pre-installed app and can be accessed by all co-located applications. This affects users of specific Luna Simo Android devices with the vulnerable firmware.

📋 TL;DR

This vulnerability allows any third-party app on affected Luna Simo devices to read the device's IMEI values without requiring any permissions. The IMEI data is written to system properties at startup by a pre-installed app and can be accessed by all co-located applications. This affects users of specific Luna Simo Android devices with the vulnerable firmware.

💻 Affected Systems

Products:

Luna Simo Android devices

Versions: PPR1.180610.011/202001031830 firmware

Operating Systems: Android

Default Config Vulnerable: ⚠️ Yes

Notes: The vulnerability is in a pre-installed system app (com.skyroam.silverhelper) and affects devices with this specific firmware version.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Malicious apps could collect IMEI data for device tracking, SIM swapping attacks, or creating device fingerprints for targeted attacks without user knowledge.

🟠

Likely Case

Apps with legitimate purposes but questionable privacy practices could collect IMEI data for analytics or advertising tracking without proper user consent.

🟢

If Mitigated

With proper app vetting and security controls, the risk is limited to apps that have already been installed and granted basic device access.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires installing a malicious app, but no special permissions are needed to read the exposed system properties.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://simowireless.com/

Restart Required: No

Instructions:

Check with device manufacturer for firmware updates. If available, update to latest firmware version.

🔧 Temporary Workarounds

Disable or remove vulnerable app

android

Disable the com.skyroam.silverhelper app if possible through device settings

adb shell pm disable-user --user 0 com.skyroam.silverhelper

Restrict app installations

all

Only install apps from trusted sources and review app permissions carefully

🧯 If You Can't Patch

Isolate affected devices from sensitive networks and data
Implement mobile device management (MDM) with strict app whitelisting policies

🔍 How to Verify

Check if Vulnerable:

Run 'adb shell getprop | grep imei' on connected device. If IMEI values are displayed in readable format, device is vulnerable.

Check Version:

adb shell getprop ro.build.fingerprint

Verify Fix Applied:

After update or workaround, run same command. IMEI values should not be exposed in system properties.

📡 Detection & Monitoring

Log Indicators:

Unusual app accessing system properties, particularly IMEI-related properties

Network Indicators:

Device IMEI being transmitted to unexpected external servers

SIEM Query:

process_name:getprop AND command_line:*imei*

📊 Metadata

CVE ID: CVE-2021-41850

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-200

Published: March 11, 2022

Last Updated: November 21, 2024

🔗 References

https://athack.com/session-details/401 Third Party Advisory
https://simowireless.com/ Vendor Advisory
https://www.kryptowire.com/android-firmware-2022/ Broken Link
https://www.kryptowire.com/blog/vsim-vulnerability-within-simo-android-phones-exposed/ Exploit,Third Party Advisory
https://athack.com/session-details/401 Third Party Advisory
https://simowireless.com/ Vendor Advisory
https://www.kryptowire.com/android-firmware-2022/ Broken Link
https://www.kryptowire.com/blog/vsim-vulnerability-within-simo-android-phones-exposed/ Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-41850, you might also want to check these: