6.2

CVE-2022-33733

Sensitive information exposure in onCharacteristicRead in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SamsungCharm Version < 1.2.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.05% 0.17
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.3 1.8 1.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
mobile.security@samsung.com 6.2 2.5 3.6
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-927 Use of Implicit Intent for Sensitive Communication

The Android application uses an implicit intent for transmitting sensitive data to other applications.