CVE-2020-5571

moderate-risk
Published 2020-04-23

SHARP AQUOS series (AQUOS SH-M02 build number 01.00.05 and earlier, AQUOS SH-RM02 build number 01.00.04 and earlier, AQUOS mini SH-M03 build number 01.00.04 and earlier, AQUOS Keitai SH-N01 build number 01.00.01 and earlier, AQUOS L2 (UQ mobile/J:COM) build number 01.00.05 and earlier, AQUOS sense lite SH-M05 build number 03.00.04 and earlier, AQUOS sense (UQ mobile) build number 03.00.03 and earlier, AQUOS compact SH-M06 build number 02.00.02 and earlier, AQUOS sense plus SH-M07 build number 02.00.02 and earlier, AQUOS sense2 SH-M08 build number 02.00.05 and earlier, and AQUOS sense2 (UQ mobile) build number 02.00.06 and earlier) allow an attacker to obtain the sensitive information of the device via malicious applications installed on the device.

Do I need to act?

-
0.39% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (10)

Aquos Sh-M02 Firmware
Aquos Sh-Rm02 Firmware
Aquos Mini Sh-M03 Firmware
Aquos L2 Firmware
Aquos Sense Lite Sh-M05 Firmware
Aquos Sense Firmware
Aquos Compact Sh-M06 Firmware
Aquos Sense Plus Sh-M07 Firmware
Aquos Sense2 Sh-M08 Firmware
Aquos Sense2 Firmware

Affected Vendors

Sharp

References (4)

Third Party Advisory https://jvn.jp/en/jp/JVN93064451/index.html
Third Party Advisory https://k-tai.sharp.co.jp/support/info/info036.html
Third Party Advisory https://jvn.jp/en/jp/JVN93064451/index.html
Third Party Advisory https://k-tai.sharp.co.jp/support/info/info036.html
43
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 1/34 · Minimal
Exposure 16/34 · Moderate