CVE-2025-31715
Description
In vowifi service, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In vowifi service, improper input validation leads to remote command injection without authentication, enabling complete device compromise.
Vulnerability
Analysis
The vowifi (VoWiFi) service contains a command injection vulnerability (CWE-77) caused by improper input validation [1]. Because the service does not properly neutralize special elements supplied via the network, an attacker can inject arbitrary operating system commands into a vulnerable system call [1].
Exploitability
The vulnerability can be exploited remotely without authentication or user interaction [1]. The CVSS v3 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) indicates that no privileges are required and the attack complexity is low, making it trivial for an attacker on the network to trigger the command injection [1].
Impact
Successful exploitation leads to remote escalation of privilege, allowing the attacker to execute arbitrary commands with the highest privileges on the device [1]. This results in complete compromise of confidentiality, integrity, and availability of the affected device.
Mitigation
UNISOC has addressed this vulnerability in a security announcement [1]. Affected chipsets include SL8521E/SL8521ET, SL8541E, UIS8141E, UWS6137, UWS6137E, UWS6151(E), and UWS6152, running Mocor5 or Android 8.1/9 [1]. Users should apply firmware updates from their device vendors as soon as possible.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
References: 1
News mentions: 0
No linked articles in our index yet.