⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2021-0889: Google Android vulnerability

4 documents, 4 sources
Severity: 9.8 CRITICAL (NVD)
EPSS: 2.9% (top 13.53%)
CISA KEV: Not in KEV
Exploit: Exploited in wild (active exploitation observed)
Timeline
Published: Dec 15
Latest update: Dec 16

Description

In Android TV, there is a possible silent pairing due to lack of rate limiting in the pairing flow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Product: Android
Versions: Android-10 Android-11 Android-12 Android-8.1 Android-9
Android ID: A-180745296

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (3 packages)

CVEListV5: google/android: Android-10 Android-11 Android-12 Android-8.1 Android-9
NVD: google/android: 5 versions +4

🔴 Vulnerability Details (2)

GHSA: GHSA-56fq-7jc4-6x2c: In Android TV, there is a possible silent pairing due to lack of rate limiting in the pairing flow (2021-12-16)
OSV: CVE-2021-0889: In Android TV, there is a possible silent pairing due to lack of rate limiting in the pairing flow (2021-11-01)

📋 Vendor Advisories (1)

Android: CVE-2021-0889: Android TV Remote Service (2021-11-01)