CVE-2024-12993

Infinix devices contain a pre-loaded "com.rlk.weathers" application, that exposes an unsecured content provider. An attacker can communicate with the provider and reveal the user’s location without any privileges. After multiple attempts to contact the vendor we did not receive any answer. We suppose this issue affects all Infinix Mobile devices.

CVSS

No CVSS.

References

Link	Resource
https://cert.pl/en/posts/2024/12/CVE-2024-12993/
https://cert.pl/posts/2024/12/CVE-2024-12993/

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Los dispositivos Infinix contienen una aplicación "com.rlk.weathers" precargada que expone a un proveedor de contenido no seguro. Un atacante puede comunicarse con el proveedor y revelar la ubicación del usuario sin ningún privilegio. Después de varios intentos de contactar al proveedor, no recibimos ninguna respuesta. Suponemos que este problema afecta a todos los dispositivos móviles Infinix.

30 Dec 2024, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-30 11:15

Updated : 2026-04-15 00:35

NVD link : CVE-2024-12993

Mitre link : CVE-2024-12993

CVE.ORG link : CVE-2024-12993

JSON object : View

Products Affected

No product.

CWE

CWE-497

Exposure of Sensitive System Information to an Unauthorized Control Sphere

{"id": "CVE-2024-12993", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "cvd@cert.pl", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 4.8, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2024-12-30T11:15:06.100", "references": [{"url": "https://cert.pl/en/posts/2024/12/CVE-2024-12993/", "source": "cvd@cert.pl"}, {"url": "https://cert.pl/posts/2024/12/CVE-2024-12993/", "source": "cvd@cert.pl"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "cvd@cert.pl", "description": [{"lang": "en", "value": "CWE-497"}]}], "descriptions": [{"lang": "en", "value": "Infinix devices contain a pre-loaded \"com.rlk.weathers\" application, that exposes an unsecured content provider. An attacker can communicate with the provider and reveal the user\u2019s location without any privileges.\u00a0\nAfter multiple attempts to contact the vendor we did not receive any answer. We suppose this issue affects all Infinix Mobile devices."}, {"lang": "es", "value": "Los dispositivos Infinix contienen una aplicaci\u00f3n \"com.rlk.weathers\" precargada que expone a un proveedor de contenido no seguro. Un atacante puede comunicarse con el proveedor y revelar la ubicaci\u00f3n del usuario sin ning\u00fan privilegio. Despu\u00e9s de varios intentos de contactar al proveedor, no recibimos ninguna respuesta. Suponemos que este problema afecta a todos los dispositivos m\u00f3viles Infinix."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "cvd@cert.pl"}