Lucene search

MitreCVE-2018-16272

HistoryJan 22, 2020 - 2:15 p.m.

CVE-2018-16272

2020-01-2214:15:11

CWE-269

mitre

web.nvd.nist.gov

wpa_supplicant

samsung galaxy gear

wi-fi interface

security vulnerability

cve-2018-16272

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.004

Percentile

74.4%

JSON

The wpa_supplicant system service in Samsung Galaxy Gear series allows an unprivileged process to fully control the Wi-Fi interface, due to the lack of its D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.

Affected configurations

Nvd

Node

samsunggalaxy_gear_firmwareRange<re2

AND

samsunggalaxy_gearMatch-

Node

samsunggear_2_firmwareRange<re2

AND

samsunggear_2Match-

Node

samsunggear_live_firmwareRange<re2

AND

samsunggear_liveMatch-

Node

samsunggear_s_firmwareRange<re2

AND

samsunggear_sMatch-

Node

samsunggear_s2_firmwareRange<re2

AND

samsunggear_s2Match-

Node

samsunggear_s3_firmwareRange<re2

AND

samsunggear_s3Match-

Node

samsunggear_sport_firmwareRange<re2

AND

samsunggear_sportMatch-

Node

samsunggear_fit_firmwareRange<re2

AND

samsunggear_fitMatch-

Node

samsunggear_fit_2_firmwareRange<re2

AND

samsunggear_fit_2Match-

Node

samsunggear_fit_2_pro_firmwareRange<re2

AND

samsunggear_fit_2_proMatch-

VendorProductVersionCPE
samsunggalaxy_gear_firmware*cpe:2.3:o:samsung:galaxy_gear_firmware:*:*:*:*:*:*:*:*
samsunggalaxy_gear-cpe:2.3:h:samsung:galaxy_gear:-:*:*:*:*:*:*:*
samsunggear_2_firmware*cpe:2.3:o:samsung:gear_2_firmware:*:*:*:*:*:*:*:*
samsunggear_2-cpe:2.3:h:samsung:gear_2:-:*:*:*:*:*:*:*
samsunggear_live_firmware*cpe:2.3:o:samsung:gear_live_firmware:*:*:*:*:*:*:*:*
samsunggear_live-cpe:2.3:h:samsung:gear_live:-:*:*:*:*:*:*:*
samsunggear_s_firmware*cpe:2.3:o:samsung:gear_s_firmware:*:*:*:*:*:*:*:*
samsunggear_s-cpe:2.3:h:samsung:gear_s:-:*:*:*:*:*:*:*
samsunggear_s2_firmware*cpe:2.3:o:samsung:gear_s2_firmware:*:*:*:*:*:*:*:*
samsunggear_s2-cpe:2.3:h:samsung:gear_s2:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
samsung	galaxy_gear_firmware	*	cpe:2.3:o:samsung:galaxy_gear_firmware::::::::
samsung	galaxy_gear	-	cpe:2.3:h:samsung:galaxy_gear:-:::::::*
samsung	gear_2_firmware	*	cpe:2.3:o:samsung:gear_2_firmware::::::::
samsung	gear_2	-	cpe:2.3:h:samsung:gear_2:-:::::::*
samsung	gear_live_firmware	*	cpe:2.3:o:samsung:gear_live_firmware::::::::
samsung	gear_live	-	cpe:2.3:h:samsung:gear_live:-:::::::*
samsung	gear_s_firmware	*	cpe:2.3:o:samsung:gear_s_firmware::::::::
samsung	gear_s	-	cpe:2.3:h:samsung:gear_s:-:::::::*
samsung	gear_s2_firmware	*	cpe:2.3:o:samsung:gear_s2_firmware::::::::
samsung	gear_s2	-	cpe:2.3:h:samsung:gear_s2:-:::::::*

Rows per page:

1-10 of 201

References

media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf

www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.004

Percentile

74.4%

JSON

Related for CVE-2018-16272