{"vulnerability": "CVE-2022-2025", "sightings": [{"uuid": "df54afe5-70d5-481e-864c-8ac68bbde690", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20259", "type": "seen", "source": "https://t.me/cibsecurity/48040", "content": "\u203c CVE-2022-20259 \u203c\n\nIn Telephony, there is a possible leak of ICCID and EID due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-221431393\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-12T18:33:43.000000Z"}, {"uuid": "592aaf12-86ce-46c3-9c52-462178f1c030", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2025", "type": "seen", "source": "https://t.me/cibsecurity/50355", "content": "\u203c CVE-2022-2025 \u203c\n\nan attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version, could overflow the stack since it doesn't check the param length before use the strcopy instruction. The explotation of this vulnerability may lead an attacker to execute a shell with full access.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-23T20:43:42.000000Z"}, {"uuid": "c044926b-2605-4329-a73d-57e67ed29743", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20257", "type": "seen", "source": "https://t.me/cibsecurity/48039", "content": "\u203c CVE-2022-20257 \u203c\n\nIn Bluetooth, there is a possible way to pair a display only device without PIN confirmation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-222289114\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-12T18:33:43.000000Z"}, {"uuid": "65c1a468-363a-4a03-aaf9-088aef56d3a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20254", "type": "seen", "source": "https://t.me/cibsecurity/48032", "content": "\u203c CVE-2022-20254 \u203c\n\nIn Wi-Fi, there is a permissions bypass. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-223377547\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-12T18:33:33.000000Z"}]}