Published: 22/01/2020 Updated: 30/01/2020

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Samsung Galaxy Gear series before build RE2 includes the hcidump utility with no privilege or permission restriction. This allows an unprivileged process to dump Bluetooth HCI packets to an arbitrary file path.

Vulnerable Product	Search on Vulmon	Subscribe to Product
samsung galaxy_gear_firmware
samsung gear_2_firmware
samsung gear_live_firmware
samsung gear_s_firmware
samsung gear_s2_firmware
samsung gear_s3_firmware
samsung gear_sport_firmware
samsung gear_fit_firmware
samsung gear_fit_2_firmware
samsung gear_fit_2_pro_firmware

CWE-269 https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-16270

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect