UNISOC Android Chipsets Engineer Mode Command Injection Vulnerability Allowing Privilege Escalation

Vulnerability

A command injection vulnerability has been identified in the engineer mode service of certain UNISOC Android chipsets. This issue arises from improper input validation, which could lead to local privilege escalation without requiring additional execution privileges. The vulnerability affects chipsets including SL8521E, SL8521ET, SL8541E, UIS8141E, UWS6137, UWS6137E, UWS6151E, and UWS6152, on software versions Mocor5, Android 8.1, and Android 9.

Impact

Exploitation of this vulnerability could result in unauthorized local privilege escalation.

Added: Aug 18, 2025, 1:19 AM

Updated: Aug 18, 2025, 1:19 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

3.3

remediation

0.0

relevance

0.3

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

3.3

remediation

0.0

relevance

0.3

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

UNISOC Android Chipsets Engineer Mode Command Injection Vulnerability Allowing Privilege Escalation

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating