Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-38299

EPSS 0.05% · P16
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-38299

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Various software builds for the AT&T Calypso, Nokia C100, Nokia C200, and BLU View 3 devices leak the device IMEI to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining non-resettable device identifiers in Android 10 and higher, but in these instances they are leaked by a high-privilege process and can be obtained indirectly. The software build fingerprints for each confirmed vulnerable device are as follows: AT&T Calypso (ATT/U318AA/U318AA:10/QP1A.190711.020/1632369780:user/release-keys); Nokia C100 (Nokia/DrakeLite_02US/DKT:12/SP1A.210812.016/02US_1_190:user/release-keys and Nokia/DrakeLite_02US/DKT:12/SP1A.210812.016/02US_1_270:user/release-keys); Nokia C200 (Nokia/Drake_02US/DRK:12/SP1A.210812.016/02US_1_080:user/release-keys); and BLU View 3 (BLU/B140DL/B140DL:11/RP1A.200720.011/1628014629:user/release-keys, BLU/B140DL/B140DL:11/RP1A.200720.011/1632535579:user/release-keys, BLU/B140DL/B140DL:11/RP1A.200720.011/1637325978:user/release-keys, BLU/B140DL/B140DL:11/RP1A.200720.011/1650073052:user/release-keys, BLU/B140DL/B140DL:11/RP1A.200720.011/1657087912:user/release-keys, BLU/B140DL/B140DL:11/RP1A.200720.011/1666316280:user/release-keys, and BLU/B140DL/B140DL:11/RP1A.200720.011/1672371162:user/release-keys). This malicious app reads from the "persist.sys.imei1" system property to indirectly obtain the device IMEI.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
多款产品 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Nokia C100是芬兰诺基亚(Nokia)公司的一款智能手机。 多款产品存在安全漏洞,该漏洞源于设备的某些软件版本包含易受攻击的预装应用程序,会将设备 IMEI 泄漏到系统属性,设备上的任何本地应用程序都可以访问该系统属性,而无需任何权限或特殊权限。以下产品及版本受到影响:ATT Calypso、Nokia C100、Nokia C200、BLU View 3 。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2023-38299

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2023-38299

登录查看更多情报信息。

Same Patch Batch · n/a · 2024-04-22 · 44 CVEs total

CVE-2023-38301vendor.gsm.serial 安全漏洞
CVE-2023-38302flask-cors 安全漏洞
CVE-2023-38290com.evenwell.fqc 安全漏洞
CVE-2023-38296TCL 安全漏洞
CVE-2023-38295Tcl 安全漏洞
CVE-2023-38294Itel Vision 3 Turbo 安全漏洞
CVE-2023-38291TCL 20XE和TCL 10L 安全漏洞
CVE-2023-38292TCL 20XE 安全漏洞
CVE-2023-38298TCL 安全漏洞
CVE-2023-38293Nokia C100 安全漏洞
CVE-2023-38300Verizon Orbic Maui 安全漏洞
CVE-2022-34561phpFox 跨站脚本漏洞
CVE-2022-34560phpFox 安全漏洞
CVE-2022-34562phpFox 跨站脚本漏洞
CVE-2022-46897编号已被CVE保留
CVE-2022-35503Open Source MANO 安全漏洞
CVE-2024-27574Trainme Academy 安全漏洞
CVE-2024-29661Desdev DedeCMS 安全漏洞
CVE-2024-29368moziloCMS 安全漏洞
CVE-2024-29376Sylius 安全漏洞

Showing top 20 of 44 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2023-38299

No comments yet

Leave a comment