Vulnerability Monitor

CVE-2018-16270


Samsung Galaxy Gear series before build RE2 includes the hcidump utility with no privilege or permission restriction. This allows an unprivileged process to dump Bluetooth HCI packets to an arbitrary file path.


Published

2020-01-22T14:15:11.213

Last Modified

2024-11-21T03:52:25.633

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
Exploitability Score

10.0

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-269

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | samsung | galaxy_gear_firmware | < re2 | Yes |
| Hardware | samsung | galaxy_gear | - | No |
| Operating System | samsung | gear_2_firmware | < re2 | Yes |
| Hardware | samsung | gear_2 | - | No |
| Operating System | samsung | gear_live_firmware | < re2 | Yes |
| Hardware | samsung | gear_live | - | No |
| Operating System | samsung | gear_s_firmware | < re2 | Yes |
| Hardware | samsung | gear_s | - | No |
| Operating System | samsung | gear_s2_firmware | < re2 | Yes |
| Hardware | samsung | gear_s2 | - | No |
| Operating System | samsung | gear_s3_firmware | < re2 | Yes |
| Hardware | samsung | gear_s3 | - | No |
| Operating System | samsung | gear_sport_firmware | < re2 | Yes |
| Hardware | samsung | gear_sport | - | No |
| Operating System | samsung | gear_fit_firmware | < re2 | Yes |
| Hardware | samsung | gear_fit | - | No |
| Operating System | samsung | gear_fit_2_firmware | < re2 | Yes |
| Hardware | samsung | gear_fit_2 | - | No |
| Operating System | samsung | gear_fit_2_pro_firmware | < re2 | Yes |
| Hardware | samsung | gear_fit_2_pro | - | No |

References