CVE Vulnerability

CVE-2021-40180

In the WeChat application 8.0.10 for Android and iOS, a mini program can obtain sensitive information from a user's address book via wx.searchContacts.

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://arxiv.org/pdf/2205.15202.pdf Mitigation Technical Description
https://pan.baidu.com/s/1RqMrZBruZZ4OHdnXUN5xDw Exploit Permissions Required
https://pan.baidu.com/s/116sAQvs1CEzCeIfpI1NZvA Exploit Permissions Required
https://github.com/BESTICSP/Vulnerabilities-Related-to-Mini-Programs-Permissions/blob/main/WX%20applet%20contact%20permission%20vulnerability%20report.pdf Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:tencent:wechat:8.0.10:*:*:*:*:android:*:*
cpe:2.3:a:tencent:wechat:8.0.10:*:*:*:*:iphone_os:*:*
Information

Published : 2022-07-26 11:15

Updated : 2022-08-04 04:17

NVD link : CVE-2021-40180

Mitre link : CVE-2021-40180

Products Affected
No products.
CWE
CWE-200