7.5

CVE-2018-16270

Exploit
Samsung Galaxy Gear series before build RE2 includes the hcidump utility with no privilege or permission restriction. This allows an unprivileged process to dump Bluetooth HCI packets to an arbitrary file path.
Data provided by the National Vulnerability Database (NVD)
Samsung Galaxy Gear Firmware Version < re2
   Samsung Galaxy Gear Version -
Samsung Gear 2 Firmware Version < re2
   Samsung Gear 2 Version -
Samsung Gear Live Firmware Version < re2
   Samsung Gear Live Version -
Samsung Gear S Firmware Version < re2
   Samsung Gear S Version -
Samsung Gear S2 Firmware Version < re2
   Samsung Gear S2 Version -
Samsung Gear S3 Firmware Version < re2
   Samsung Gear S3 Version -
Samsung Gear Sport Firmware Version < re2
   Samsung Gear Sport Version -
Samsung Gear Fit Firmware Version < re2
   Samsung Gear Fit Version -
Samsung Gear Fit 2 Firmware Version < re2
   Samsung Gear Fit 2 Version -
Samsung Gear Fit 2 Pro Firmware Version < re2
   Samsung Gear Fit 2 Pro Version -
No CISA KEV entry or CERT.AT warning was found for this CVE.
EPSS Metrics
Type  Source     Score  Percentile
EPSS  FIRST.org  0.36%  0.575
CVSS Metrics
Source        Base Score  Exploit Score  Impact Score  Vector String
nvd@nist.gov  7.5         3.9            3.6           CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov  5           10             2.9           AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.