UNISOC Command Injection Vulnerability in Engineer Mode Service Allowing Privilege Escalation

Vulnerability

A command injection vulnerability has been identified in the engineer mode service of certain UNISOC products. This issue arises from inadequate input validation, which could lead to unauthorized command execution. Exploitation of this vulnerability may allow local privilege escalation without requiring additional execution privileges.

Impact

Exploitation of this vulnerability could result in unauthorized command execution, potentially leading to local privilege escalation.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

3.3

remediation

0.0

relevance

0.1

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

3.3

remediation

0.0

relevance

0.1

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

UNISOC Command Injection Vulnerability in Engineer Mode Service Allowing Privilege Escalation

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating