Published: 22/01/2020 Updated: 30/01/2020

CVSS v2 Base Score: 3.3 | Impact Score: 2.9 | Exploitability Score: 6.5

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 294

Vector: AV:A/AC:L/Au:N/C:N/I:P/A:N

The wemail_consumer_service (from the built-in application wemail) in Samsung Galaxy Gear series allows an unprivileged process to manipulate a user's mailbox, due to improper D-Bus security policy configurations. An arbitrary email can also be sent from the mailbox via the paired smartphone. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.

Vulnerable Product	Search on Vulmon	Subscribe to Product
samsung galaxy_gear_firmware
samsung gear_2_firmware
samsung gear_live_firmware
samsung gear_s_firmware
samsung gear_s2_firmware
samsung gear_s3_firmware
samsung gear_sport_firmware
samsung gear_fit_firmware
samsung gear_fit_2_firmware
samsung gear_fit_2_pro_firmware

CWE-269 https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-16271

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect