Vulnerabilities in Unisoc (Shanghai) Technologies Co., Ltd.
647 resultsCVE-2025-31715CRITICALIn vowifi service, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilegeEPSS 1.6%CVE-2022-38696CRITICALIn BootRom, there's a possible missing payload size check. This could lead to memory buffer overflow without requiring additional execution EPSS 0.8%CVE-2022-38693CRITICALIn FDL1, there is a possible missing payload size check. This could lead to memory buffer overflow without requiring additional execution prEPSS 0.8%CVE-2025-31713HIGHIn engineer mode service, there is a possible command injection due to improper input validation. This could lead to local escalation of priEPSS 0.7%CVE-2025-31717HIGHIn modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional EPSS 0.6%CVE-2025-31718HIGHIn modem, there is a possible system crash due to improper input validation. This could lead to remote escalation of privilege with no additEPSS 0.6%CVE-2022-38694HIGHIn BootRom, there is a possible unchecked write address. This could lead to local escalation of privilege with no additional execution priviEPSS 0.6%CVE-2025-61611HIGHIn modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privilegeEPSS 0.6%CVE-2023-42716HIGHIn telephony service, there is a possible missing permission check. This could lead to remote information disclosure no additional executionEPSS 0.4%CVE-2023-42717—In telephony service, there is a possible missing permission check. This could lead to remote information disclosure no additional executionEPSS 0.4%CVE-2023-33913—In DRM/oemcrypto, there is a possible out of bounds write due to an incorrect calculation of buffer size.This could lead to remote escalatioEPSS 0.4%CVE-2022-38692CRITICALIn BootROM, there is a missing size check for RSA keys in Certificate Type 0 validation. This could lead to memory buffer overflow without rEPSS 0.4%CVE-2025-31710MEDIUMIn engineermode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privEPSS 0.4%CVE-2023-40632—In jpg driver, there is a possible use after free due to a logic error. This could lead to remote information disclosure no additional execuEPSS 0.4%CVE-2023-33914—In NIA0 algorithm in Security Mode Command, there is a possible missing verification incorrect input. This could lead to remote information EPSS 0.4%CVE-2023-52533MEDIUMIn modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosuEPSS 0.4%CVE-2023-52344MEDIUMIn modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosuEPSS 0.4%CVE-2023-33915—In LTE protocol stack, there is a possible missing permission check. This could lead to remote information disclosure no additional executioEPSS 0.3%CVE-2023-52341HIGHIn Plaintext COUNTER CHECK message accepted before AS security activation, there is a possible missing permission check. This could lead to EPSS 0.3%CVE-2023-52342HIGHIn modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosuEPSS 0.3%