CVE-2021-38789 - OpenCVE

Allwinner R818 SoC Android Q SDK V1.0 is affected by an incorrect access control vulnerability that does not check the caller's permission, in which a third-party app could change system settings.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Allwinnertech	Android Q Sdk R818

Configuration 1 [-]

AND

cpe:2.3:a:allwinnertech:android_q_sdk:1.0:*:*:*:*:*:*:*

cpe:2.3:h:allwinnertech:r818:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/pokerfacett/MY_CVE_CREDIT/blob/master/Allwinner%20R818%20SoC%EF%BC%9Aaw_display%20service%20has%20EoP%20Vulnerability.md
https://vul.wangan.com/a/CNVD-2021-46927
https://www.allwinnertech.com/index.php?c=product&a=index&id=92
https://www.cnvd.org.cn/flaw/show/CNVD-2021-46927

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-01-19T18:40:26

Updated: 2024-08-04T01:51:20.342Z

Reserved: 2021-08-16T00:00:00

Link: CVE-2021-38789

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-01-19T19:15:07.903

Modified: 2022-07-12T17:42:04.277

Link: CVE-2021-38789

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Allwinner R818 SoC Android Q SDK V1.0 is affected by an incorrect access control vulnerability that does not check the caller's permission, in which a third-party app could change system settings."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-01-19T18:40:26", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.allwinnertech.com/index.php?c=product&a=index&id=92"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/pokerfacett/MY_CVE_CREDIT/blob/master/Allwinner%20R818%20SoC%EF%BC%9Aaw_display%20service%20has%20EoP%20Vulnerability.md"}, {"tags": ["x_refsource_MISC"], "url": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-46927"}, {"tags": ["x_refsource_MISC"], "url": "https://vul.wangan.com/a/CNVD-2021-46927"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-38789", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Allwinner R818 SoC Android Q SDK V1.0 is affected by an incorrect access control vulnerability that does not check the caller's permission, in which a third-party app could change system settings."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.allwinnertech.com/index.php?c=product&a=index&id=92", "refsource": "MISC", "url": "https://www.allwinnertech.com/index.php?c=product&a=index&id=92"}, {"name": "https://github.com/pokerfacett/MY_CVE_CREDIT/blob/master/Allwinner%20R818%20SoC%EF%BC%9Aaw_display%20service%20has%20EoP%20Vulnerability.md", "refsource": "MISC", "url": "https://github.com/pokerfacett/MY_CVE_CREDIT/blob/master/Allwinner%20R818%20SoC%EF%BC%9Aaw_display%20service%20has%20EoP%20Vulnerability.md"}, {"name": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-46927", "refsource": "MISC", "url": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-46927"}, {"name": "https://vul.wangan.com/a/CNVD-2021-46927", "refsource": "MISC", "url": "https://vul.wangan.com/a/CNVD-2021-46927"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T01:51:20.342Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.allwinnertech.com/index.php?c=product&a=index&id=92"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/pokerfacett/MY_CVE_CREDIT/blob/master/Allwinner%20R818%20SoC%EF%BC%9Aaw_display%20service%20has%20EoP%20Vulnerability.md"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-46927"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://vul.wangan.com/a/CNVD-2021-46927"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-38789", "datePublished": "2022-01-19T18:40:26", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-08-04T01:51:20.342Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:allwinnertech:android_q_sdk:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "355226B3-ADD7-494E-958A-991E1EEC1CA1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:allwinnertech:r818:-:*:*:*:*:*:*:*", "matchCriteriaId": "73BC23F9-2A4B-44E4-8363-F405E26AE61C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Allwinner R818 SoC Android Q SDK V1.0 is affected by an incorrect access control vulnerability that does not check the caller's permission, in which a third-party app could change system settings."}, {"lang": "es", "value": "Allwinner R818 SoC Android Q SDK versi\u00f3n V1.0, est\u00e1 afectado por una vulnerabilidad de control de acceso incorrecto que no comprueba el permiso de la persona que llama, en la que una aplicaci\u00f3n de terceros podr\u00eda cambiar la configuraci\u00f3n del sistema"}], "id": "CVE-2021-38789", "lastModified": "2022-07-12T17:42:04.277", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-01-19T19:15:07.903", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://github.com/pokerfacett/MY_CVE_CREDIT/blob/master/Allwinner%20R818%20SoC%EF%BC%9Aaw_display%20service%20has%20EoP%20Vulnerability.md"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://vul.wangan.com/a/CNVD-2021-46927"}, {"source": "cve@mitre.org", "tags": ["Product", "Vendor Advisory"], "url": "https://www.allwinnertech.com/index.php?c=product&a=index&id=92"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-46927"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}