Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2012-6334

The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices does not properly implement Location APIs, which allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer."

Published

2012-12-31T11:50:28.047

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 2.9 (LOW)

CVSSv2 Vector

AV:A/AC:M/Au:N/C:N/I:P/A:N

Access Vector: ADJACENT_NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

5.5

Impact Score

2.9

Weaknesses

Type: Primary
CWE-264

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	samsung	samsungdive	-	Yes
Hardware	samsung	galaxy_note_2	-	No
Hardware	samsung	galaxy_s	-	No
Hardware	samsung	galaxy_s2	-	No

References

http://thehackernews.com/2012/12/manufacture-based-gps-tracking-services.html ([email protected])
http://thehackernews.com/2012/12/manufacture-based-gps-tracking-services.html (af854a3a-2127-422b-91ae-364da2661108)