The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage.

The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage.

The health module has insufficient restrictions on loading URLs, which may lead to some information leakage.

Some parameters of the alarm clock module are improperly stored, leaking some sensitive information.

Locally installed application can bypass the permission check and perform system operations that require permission.

Some parameters of the weather module are improperly stored, leaking some sensitive information.

The wifi module exposes the interface and has improper permission control, leaking sensitive information about the device.

Due to the flaws in the verification of input parameters, the attacker can input carefully constructed commands to make the ABE service execute some commands with root privilege.

When using special mode to connect to enterprise wifi, certain options are not properly configured and attackers can pretend to be enterprise wifi through a carefully constructed wifi with the same name, which can lead to man-in-the-middle attacks.

The game extension engine of versions 1.2.7.0 and earlier exposes some components, and attackers can construct parameters to perform path traversal attacks, which can overwrite local specific files