Description
In IMS, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Published: 2026-05-06
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the IMS component of certain Unisoc devices, an improper input validation flaw can cause the system to crash. The crash results in a denial of service that can be triggered remotely without needing elevated privileges, effectively knocking the device offline for users. The vulnerability presents a strong reliability risk as it can be repeatedly exercised by attackers who can control network traffic to the IMS interface.

Affected Systems

The flaw affects Unisoc (Shanghai) Technologies devices, specifically the SC7731E, SC9832E, SC9863A, T310, T610, T618, T7200, T7225, T7250, T7255, T7280, T7300, T8100, T9100, T8200, and T8300 models. No specific firmware or release version information is provided, so all current deployments of these models should be considered potentially vulnerable.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity impact. The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog. Based on the description, the attack vector is likely remote via the IMS interface; this inference is drawn from the mention of remote denial of service. An attacker only needs to send crafted input data to the IMS service; no exploitation of privileged execution paths is required.

Generated by OpenCVE AI on May 6, 2026 at 03:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Unisoc firmware update that addresses the input validation flaw.
  • If no update is available, block or restrict external access to the IMS service, or disable the service entirely if it is not required.
  • Monitor device logs for abnormal IMS traffic and crash events, and remediate promptly if the flaw remains unresolved.

Generated by OpenCVE AI on May 6, 2026 at 03:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 06 May 2026 03:30:00 +0000

Type Values Removed Values Added
Title Remote Denial of Service via Improper Input Validation in Unisoc IMS
Weaknesses CWE-20

Wed, 06 May 2026 02:00:00 +0000

Type Values Removed Values Added
Description In IMS, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Unisoc

Published:

Updated: 2026-05-06T01:42:58.852Z

Reserved: 2026-03-02T05:55:13.665Z

Link: CVE-2025-71251

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-06T02:16:03.400

Modified: 2026-05-06T02:16:03.400

Link: CVE-2025-71251

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-06T03:30:05Z

Weaknesses