CVE-2022-39096: CWE-862 Missing Authorization in Unisoc (Shanghai) Technologies Co., Ltd. SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
AI Analysis
Technical Summary
CVE-2022-39096 is a high-severity vulnerability identified in the power management service of several Unisoc (Shanghai) Technologies Co., Ltd. chipsets, including SC9863A, SC9832E, SC7731E, and multiple T-series models (T310, T606, T610, T618, T612, T616, T760, T770, T820, S8000). These chipsets are integrated into devices running Android versions 10, 11, and 12. The root cause of the vulnerability is a missing authorization check (CWE-862) within the power management service, which allows an attacker with limited privileges (low-level privileges) to configure or manipulate power management settings without requiring additional execution privileges or user interaction. The CVSS 3.1 base score of 7.8 reflects the significant impact on confidentiality, integrity, and availability, with the attack vector being local (AV:L), low attack complexity (AC:L), requiring low privileges (PR:L), and no user interaction (UI:N). The vulnerability scope is unchanged (S:U), meaning the impact is confined to the vulnerable component. Exploitation could lead to unauthorized control over power management functions, potentially allowing privilege escalation, denial of service through power mismanagement, or disruption of device stability and operation. Although no known exploits are currently reported in the wild, the vulnerability's characteristics make it a critical concern for devices using affected Unisoc chipsets, especially in environments where local access or compromised applications exist. The absence of patches at the time of reporting further increases the risk profile for affected devices.
Potential Impact
For European organizations, the impact of CVE-2022-39096 can be significant, particularly for those relying on mobile devices or embedded systems powered by Unisoc chipsets running Android 10-12. The vulnerability could enable attackers to manipulate device power management, leading to potential denial of service, reduced device availability, or unauthorized privilege escalation. This could disrupt business operations, especially in sectors dependent on mobile communications, IoT devices, or embedded systems such as manufacturing, logistics, and critical infrastructure monitoring. Confidentiality and integrity of data on affected devices could also be compromised if attackers leverage this vulnerability to escalate privileges and access sensitive information or inject malicious code. The local attack vector suggests that insider threats or malware with limited privileges could exploit this flaw, increasing the risk in environments with less stringent endpoint security controls. Given the widespread use of Android devices across European enterprises and public sector organizations, the vulnerability poses a tangible risk to operational continuity and data security.
Mitigation Recommendations
1. Immediate device inventory and identification: Organizations should identify all devices using Unisoc chipsets listed (SC9863A, SC9832E, SC7731E, T-series models) running Android 10, 11, or 12. 2. Apply vendor updates: Monitor Unisoc and device manufacturers for security patches addressing CVE-2022-39096 and apply them promptly once available. 3. Restrict local access: Enforce strict access controls on devices to prevent unauthorized local access, including disabling or limiting debug interfaces and restricting installation of untrusted applications. 4. Harden endpoint security: Deploy endpoint detection and response (EDR) solutions capable of detecting anomalous behavior related to power management service manipulation. 5. Implement application whitelisting: Prevent installation or execution of unauthorized applications that could exploit the vulnerability. 6. Monitor device logs: Enable detailed logging of power management service activities and monitor for unusual configuration changes indicative of exploitation attempts. 7. Network segmentation: Isolate critical devices to limit lateral movement in case of compromise. 8. User awareness and training: Educate users on risks of installing untrusted applications and the importance of device security hygiene. These measures, combined with timely patching, will reduce the attack surface and mitigate exploitation risks.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Poland, Netherlands, Belgium, Sweden, Finland
CVE-2022-39096: CWE-862 Missing Authorization in Unisoc (Shanghai) Technologies Co., Ltd. SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
Description
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
AI-Powered Analysis
Technical Analysis
CVE-2022-39096 is a high-severity vulnerability identified in the power management service of several Unisoc (Shanghai) Technologies Co., Ltd. chipsets, including SC9863A, SC9832E, SC7731E, and multiple T-series models (T310, T606, T610, T618, T612, T616, T760, T770, T820, S8000). These chipsets are integrated into devices running Android versions 10, 11, and 12. The root cause of the vulnerability is a missing authorization check (CWE-862) within the power management service, which allows an attacker with limited privileges (low-level privileges) to configure or manipulate power management settings without requiring additional execution privileges or user interaction. The CVSS 3.1 base score of 7.8 reflects the significant impact on confidentiality, integrity, and availability, with the attack vector being local (AV:L), low attack complexity (AC:L), requiring low privileges (PR:L), and no user interaction (UI:N). The vulnerability scope is unchanged (S:U), meaning the impact is confined to the vulnerable component. Exploitation could lead to unauthorized control over power management functions, potentially allowing privilege escalation, denial of service through power mismanagement, or disruption of device stability and operation. Although no known exploits are currently reported in the wild, the vulnerability's characteristics make it a critical concern for devices using affected Unisoc chipsets, especially in environments where local access or compromised applications exist. The absence of patches at the time of reporting further increases the risk profile for affected devices.
Potential Impact
For European organizations, the impact of CVE-2022-39096 can be significant, particularly for those relying on mobile devices or embedded systems powered by Unisoc chipsets running Android 10-12. The vulnerability could enable attackers to manipulate device power management, leading to potential denial of service, reduced device availability, or unauthorized privilege escalation. This could disrupt business operations, especially in sectors dependent on mobile communications, IoT devices, or embedded systems such as manufacturing, logistics, and critical infrastructure monitoring. Confidentiality and integrity of data on affected devices could also be compromised if attackers leverage this vulnerability to escalate privileges and access sensitive information or inject malicious code. The local attack vector suggests that insider threats or malware with limited privileges could exploit this flaw, increasing the risk in environments with less stringent endpoint security controls. Given the widespread use of Android devices across European enterprises and public sector organizations, the vulnerability poses a tangible risk to operational continuity and data security.
Mitigation Recommendations
1. Immediate device inventory and identification: Organizations should identify all devices using Unisoc chipsets listed (SC9863A, SC9832E, SC7731E, T-series models) running Android 10, 11, or 12. 2. Apply vendor updates: Monitor Unisoc and device manufacturers for security patches addressing CVE-2022-39096 and apply them promptly once available. 3. Restrict local access: Enforce strict access controls on devices to prevent unauthorized local access, including disabling or limiting debug interfaces and restricting installation of untrusted applications. 4. Harden endpoint security: Deploy endpoint detection and response (EDR) solutions capable of detecting anomalous behavior related to power management service manipulation. 5. Implement application whitelisting: Prevent installation or execution of unauthorized applications that could exploit the vulnerability. 6. Monitor device logs: Enable detailed logging of power management service activities and monitor for unusual configuration changes indicative of exploitation attempts. 7. Network segmentation: Isolate critical devices to limit lateral movement in case of compromise. 8. User awareness and training: Educate users on risks of installing untrusted applications and the importance of device security hygiene. These measures, combined with timely patching, will reduce the attack surface and mitigate exploitation risks.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Unisoc
- Date Reserved
- 2022-09-01T00:00:00.000Z
- Cisa Enriched
- true
Threat ID: 682d9847c4522896dcbf58be
Added to database: 5/21/2025, 9:09:27 AM
Last enriched: 6/21/2025, 7:25:28 PM
Last updated: 8/11/2025, 6:45:58 AM
Views: 12
Related Threats
CVE-2025-8878: CWE-94 Improper Control of Generation of Code ('Code Injection') in properfraction Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
MediumCVE-2025-8143: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pencidesign Soledad
MediumCVE-2025-8142: CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') in pencidesign Soledad
HighCVE-2025-8105: CWE-94 Improper Control of Generation of Code ('Code Injection') in pencidesign Soledad
HighCVE-2025-8719: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in reubenthiessen Translate This gTranslate Shortcode
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.