Detections
Analytics

CVE-2021-40180

high

Description

In the WeChat application 8.0.10 for Android and iOS, a mini program can obtain sensitive information from a user's address book via wx.searchContacts.

References

https://pan.baidu.com/s/1RqMrZBruZZ4OHdnXUN5xDw

https://pan.baidu.com/s/116sAQvs1CEzCeIfpI1NZvA

https://github.com/BESTICSP/Vulnerabilities-Related-to-Mini-Programs-Permissions/blob/main/WX%20applet%20contact%20permission%20vulnerability%20report.pdf

https://arxiv.org/pdf/2205.15202.pdf

Details

Source: Mitre, NVD

Published: 2022-07-26

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.00137