Description
In IMS, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Published: 2026-05-06
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the IMS component of certain Unisoc devices, an improper input validation flaw can cause the system to crash. The crash results in a denial of service that can be triggered remotely without needing elevated privileges, effectively knocking the device offline for users. The vulnerability presents a strong reliability risk as it can be repeatedly exercised by attackers who can control network traffic to the IMS interface.

Affected Systems

The flaw affects Unisoc (Shanghai) Technologies devices, specifically the SC7731E, SC9832E, SC9863A, T310, T610, T618, T7200, T7225, T7250, T7255, T7280, T7300, T8100, T9100, T8200, and T8300 models. No specific firmware or release version information is provided, so all current deployments of these models should be considered potentially vulnerable.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity impact. The EPSS score is 0.00066 (<1%), and the vulnerability is not listed in CISA’s KEV catalog. Based on the description, the attack vector is likely remote via the IMS interface; this inference is drawn from the mention of remote denial of service. An attacker only needs to send crafted input data to the IMS service; no exploitation of privileged execution paths is required.

Generated by OpenCVE AI on May 11, 2026 at 19:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Unisoc firmware update that addresses the input validation flaw.
  • If no update is available, block or restrict external access to the IMS service, or disable the service entirely if it is not required.
  • Monitor device logs for abnormal IMS traffic and crash events, and remediate promptly if the flaw remains unresolved.

Generated by OpenCVE AI on May 11, 2026 at 19:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 11 May 2026 20:15:00 +0000

Type Values Removed Values Added
Title Unisoc IMS Input Validation Vulnerability Leading to Remote Denial of Service
Weaknesses CWE-119
CWE-20

Mon, 11 May 2026 18:30:00 +0000

Type Values Removed Values Added
Title Remote Denial of Service via Improper Input Validation in Unisoc IMS
Weaknesses CWE-20

Mon, 11 May 2026 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t7200:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t7225:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t7250:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t7255:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t7280:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t7300:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t8100:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t8200:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t8300:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t9100:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:16.0:-:*:*:*:*:*:*
Vendors & Products Google
Google android

Wed, 06 May 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 06 May 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Unisoc
Unisoc sc7731e
Unisoc sc9832e
Unisoc sc9863a
Unisoc t310
Unisoc t610
Unisoc t618
Unisoc t7200
Unisoc t7225
Unisoc t7250
Unisoc t7255
Unisoc t7280
Unisoc t7300
Unisoc t8100
Unisoc t8200
Unisoc t8300
Unisoc t9100
Vendors & Products Unisoc
Unisoc sc7731e
Unisoc sc9832e
Unisoc sc9863a
Unisoc t310
Unisoc t610
Unisoc t618
Unisoc t7200
Unisoc t7225
Unisoc t7250
Unisoc t7255
Unisoc t7280
Unisoc t7300
Unisoc t8100
Unisoc t8200
Unisoc t8300
Unisoc t9100

Wed, 06 May 2026 03:30:00 +0000

Type Values Removed Values Added
Title Remote Denial of Service via Improper Input Validation in Unisoc IMS
Weaknesses CWE-20

Wed, 06 May 2026 02:00:00 +0000

Type Values Removed Values Added
Description In IMS, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
cve-icon MITRE

Status: PUBLISHED

Assigner: Unisoc

Published:

Updated: 2026-05-06T15:24:46.337Z

Reserved: 2026-03-02T05:55:13.665Z

Link: CVE-2025-71251

cve-icon Vulnrichment

Updated: 2026-05-06T14:38:02.080Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-06T02:16:03.400

Modified: 2026-05-11T15:13:47.117

Link: CVE-2025-71251

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-11T20:00:15Z

Weaknesses