We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Infinix devices contain a pre-loaded "com.rlk.weathers" application, that exposes an unsecured content provider. An attacker can communicate with the provider and reveal the user’s location without any privileges. After multiple attempts to contact the vendor we did not receive any answer. We suppose this issue affects all Infinix Mobile devices.
Reserved 2024-12-27 | Published 2024-12-30 | Updated 2024-12-30 | Assigner CERT-PLCWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere
Szymon Chadam
cert.pl/en/posts/2024/12/CVE-2024-12993/
cert.pl/posts/2024/12/CVE-2024-12993/
Support options