Description
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Published: 2026-05-06
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the Modem IMS component of Unisoc's SC series processors. It arises from improper input validation that can be triggered by crafted packets. An attacker does not need elevated privileges; successfully exploiting the flaw can cause the modem to crash or reset, leading to a loss of network connectivity. The flaw results in a denial of service without affecting confidentiality or integrity, but it can disrupt communications for any user relying on the affected device.

Affected Systems

Affected vendors and products include Unisoc (Shanghai) Technologies Co., Ltd., specifically the SC7731E, SC9832E, SC9863A, T310, T610, T618, T7200, T7225, T7250, T7255, T7280, T7300, T8100, T9100, T8200, and T8300. The vulnerability impacts the Modem IMS module within these chipsets or devices that incorporate them. The current data does not list a specific patched version, so users should consult the vendor for firmware updates.

Risk and Exploitability

With a CVSS score of 7.5, the flaw is considered high severity. The EPSS score of 0.00064 indicates a very low but nonzero probability of exploitation. The vulnerability is not listed in the CISA KEV catalog, suggesting there may be no known public exploitation campaigns. However, because the attacker can trigger the denial of service remotely by sending malformed traffic to the Modem IMS interface, the attack vector is likely network-based. The absence of privilege escalation means the threat is limited to service interruption, but it can severely affect availability for users of the affected devices.

Generated by OpenCVE AI on May 11, 2026 at 18:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and install the latest firmware or microcode update from Unisoc that addresses the Modem IMS input validation issue.
  • Configure network security controls to detect and filter malformed IMS packets, such as packet inspection and rate limiting on the modem interfaces.
  • Monitor device logs and performance metrics for signs of repeated resets or crashes, and temporarily isolate the device if repeated DoS conditions occur to prevent network disruption.

Generated by OpenCVE AI on May 11, 2026 at 18:02 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 11 May 2026 18:30:00 +0000

Type Values Removed Values Added
Title Improper Input Validation in Unisoc Modem IMS Enables Remote Denial of Service
Weaknesses CWE-20

Mon, 11 May 2026 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t7200:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t7225:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t7250:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t7255:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t7280:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t7300:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t8100:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t8200:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t8300:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t9100:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:16.0:-:*:*:*:*:*:*
Vendors & Products Google
Google android

Wed, 06 May 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 06 May 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Unisoc
Unisoc sc7731e
Unisoc sc9832e
Unisoc sc9863a
Unisoc t310
Unisoc t610
Unisoc t618
Unisoc t7200
Unisoc t7225
Unisoc t7250
Unisoc t7255
Unisoc t7280
Unisoc t7300
Unisoc t8100
Unisoc t8200
Unisoc t8300
Unisoc t9100
Vendors & Products Unisoc
Unisoc sc7731e
Unisoc sc9832e
Unisoc sc9863a
Unisoc t310
Unisoc t610
Unisoc t618
Unisoc t7200
Unisoc t7225
Unisoc t7250
Unisoc t7255
Unisoc t7280
Unisoc t7300
Unisoc t8100
Unisoc t8200
Unisoc t8300
Unisoc t9100

Wed, 06 May 2026 02:00:00 +0000

Type Values Removed Values Added
Description In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
cve-icon MITRE

Status: PUBLISHED

Assigner: Unisoc

Published:

Updated: 2026-05-06T15:24:40.341Z

Reserved: 2026-03-02T05:55:13.665Z

Link: CVE-2025-71252

cve-icon Vulnrichment

Updated: 2026-05-06T14:37:32.798Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-06T02:16:04.733

Modified: 2026-05-11T15:13:05.140

Link: CVE-2025-71252

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-11T18:15:41Z

Weaknesses