7.5

CVE-2020-5571

SHARP AQUOS series (AQUOS SH-M02 build number 01.00.05 and earlier, AQUOS SH-RM02 build number 01.00.04 and earlier, AQUOS mini SH-M03 build number 01.00.04 and earlier, AQUOS Keitai SH-N01 build number 01.00.01 and earlier, AQUOS L2 (UQ mobile/J:COM) build number 01.00.05 and earlier, AQUOS sense lite SH-M05 build number 03.00.04 and earlier, AQUOS sense (UQ mobile) build number 03.00.03 and earlier, AQUOS compact SH-M06 build number 02.00.02 and earlier, AQUOS sense plus SH-M07 build number 02.00.02 and earlier, AQUOS sense2 SH-M08 build number 02.00.05 and earlier, and AQUOS sense2 (UQ mobile) build number 02.00.06 and earlier) allow an attacker to obtain the sensitive information of the device via malicious applications installed on the device.

Data is provided by the National Vulnerability Database (NVD)
SharpAquos Sh-m02 Firmware Version <= 01.00.05
   SharpAquos Sh-m02 Version-
SharpAquos Sh-rm02 Firmware Version <= 01.00.04
   SharpAquos Sh-rm02 Version-
SharpAquos Mini Sh-m03 Firmware Version <= 01.00.04
   SharpAquos Mini Sh-m03 Version-
SharpAquos Mini Sh-m03 Firmware Version <= 01.00.01
   SharpAquos Mini Sh-m03 Version-
SharpAquos L2 Firmware Version <= 01.00.05
   SharpAquos L2 Version-
SharpAquos Sense Lite Sh-m05 Firmware Version <= 03.00.04
   SharpAquos Sense Lite Sh-m05 Version-
SharpAquos Sense Firmware Version <= 03.00.03
   SharpAquos Sense Version-
SharpAquos Compact Sh-m06 Firmware Version <= 02.00.02
   SharpAquos Compact Sh-m06 Version-
SharpAquos Sense Plus Sh-m07 Firmware Version <= 0.2.00.02
   SharpAquos Sense Plus Sh-m07 Version-
SharpAquos Sense2 Sh-m08 Firmware Version <= 02.00.05
   SharpAquos Sense2 Sh-m08 Version-
SharpAquos Sense2 Firmware Version <= 02.00.06
   SharpAquos Sense2 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.39% 0.593
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.