UNISOC Vowifi Service Command Injection Vulnerability Allowing Remote Privilege Escalation

Vulnerability

A command injection vulnerability has been identified in the UNISOC Vowifi service, arising from inadequate input validation. This issue could facilitate remote privilege escalation without requiring additional execution privileges. The vulnerability affects several chipsets, including SL8521E, SL8521ET, SL8541E, UIS8141E, UWS6137, UWS6137E, UWS6151E, and UWS6152. It is present in the Mocor5 software version, specifically within the Android 8.1 and Android 9 environments.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing a user to gain elevated rights or access within the system or application.

Added: Aug 18, 2025, 1:18 AM

Updated: Aug 18, 2025, 1:18 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

7.4

remediation

0.0

relevance

0.4

threat

0.0

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

7.4

remediation

0.0

relevance

0.4

threat

0.0

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

UNISOC Vowifi Service Command Injection Vulnerability Allowing Remote Privilege Escalation

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating