- Description
- Infinix devices contain a pre-loaded "com.rlk.weathers" application, that exposes an unsecured content provider. An attacker can communicate with the provider and reveal the user’s location without any privileges. After multiple attempts to contact the vendor we did not receive any answer. We suppose this issue affects all Infinix Mobile devices.
- Source
- cvd@cert.pl
- NVD status
- Received
CVSS 4.0
- Type
- Secondary
- Base score
- 4.8
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
- cvd@cert.pl
- CWE-497
- Hype score
- Not currently trending
폴카닷 그리고 2024년에 CVE-2024-10576이랑 CVE-2024-12993 터졌다며? 기본적인 보안도 못하는 병신들. 파라체인이고 나발이고 다 개소리야. 해킹당하면 끝장이지. Immunefi에서 버그 바운티 한다고? 2억 달러 날릴 뻔한 취약점 찾았다며. 개발자들 월급은 뭐하러 주냐?
@geobug437830
17 Feb 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
시발 인피넥스 개좆같은 보안 구멍 천지네. 2024년 말에 CVE-2024-10576이랑 CVE-2024-12993 터졌는데 개발자들 뭐했냐? 씨발 기본적인 브로드캐스트 리시버랑 콘텐츠 프로바이더도 제대로 못 막아놨어. 개인정보 다 털리겠네.
@geobug437830
17 Feb 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-12993 Unsecured Location Leak in Pre-Loaded Infinix Weather App Infinix devic... https://t.co/Ud3uwKPhLC Vulnerability Notification: https://t.co/xhLrNnfyrO
@VulmonFeeds
30 Dec 2024
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes