CVE-2021-33057

Summary

CVE	CVE-2021-33057
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-07-26 23:15:00 UTC
Updated	2022-08-04 16:40:00 UTC
Description	The QQ application 8.7.1 for Android and iOS does not enforce the permission requirements (e.g., android.permission.ACCESS_FINE_LOCATION) for determining the device's physical location. An attacker can use qq.createMapContext to create a MapContext object, use MapContext.moveToLocation to move the center of the map to the device's location, and use MapContext.getCenterLocation to get the latitude and longitude of the current map center.

Risk And Classification

Problem Types: CWE-862

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Tencent	Qq	8.7.1	All	All	All
Application	Tencent	Qq	8.7.1	All	All	All

References

Reference	Source	Link	Tags
Tencent 腾讯	MISC	tencent.com
Vulnerabilities-Related-to-Mini-Programs-Permissions/QQ applet location permission vulnerability report.pdf at main · BESTICSP/Vulnerabilities-Related-to-Mini-Programs-Permissions · GitHub	MISC	github.com
arxiv.org/pdf/2205.15202.pdf	MISC	arxiv.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

630825 QQ application For Android Missing Authorization Vulnerability