All the vulnerabilites related to samsung - galaxy_note_2
Vulnerability from fkie_nvd
Published
2019-11-06 23:15
Modified
2024-11-21 04:30
Severity ?
Summary
Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: Qualcomm Snapdragon 835, Baseband: G955USQU5CRG3), Samsung Galaxy S3 (Android version: 4.3, Build Number: JSS15J.I9300XXUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: I9300XXUGNA8), and Samsung Galaxy Note 2 (Android version: 4.3, Build Number: JSS15J.I9300XUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: N7100DDUFND1) devices allow attackers to send AT commands over Bluetooth, resulting in several Denial of Service (DoS) attacks.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | galaxy_s8_plus_firmware | - | |
| samsung | galaxy_s8_plus | - | |
| samsung | galaxy_s3_firmware | - | |
| samsung | galaxy_s3 | - | |
| samsung | galaxy_note_2_firmware | - | |
| samsung | galaxy_note_2 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:galaxy_s8_plus_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "357006C1-11B3-49D2-A8DE-03DF52501DC9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:samsung:galaxy_s8_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71B1548A-DF80-4530-8B0E-0B83D414AAD6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:galaxy_s3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E17ACF33-BA4B-4FD4-811F-4AD860C016E7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:samsung:galaxy_s3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5A294254-1687-4340-BF07-06373FBFC072",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:galaxy_note_2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9ABF64AC-AA4A-4108-86AF-C976CC2530EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:samsung:galaxy_note_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C11A19CD-FAFE-45ED-A24C-72642C3ED565",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: Qualcomm Snapdragon 835, Baseband: G955USQU5CRG3), Samsung Galaxy S3 (Android version: 4.3, Build Number: JSS15J.I9300XXUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: I9300XXUGNA8), and Samsung Galaxy Note 2 (Android version: 4.3, Build Number: JSS15J.I9300XUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: N7100DDUFND1) devices allow attackers to send AT commands over Bluetooth, resulting in several Denial of Service (DoS) attacks."
},
{
"lang": "es",
"value": "Los dispositivos Samsung Galaxy S8 plus (versi\u00f3n de Android: 8.0.0, N\u00famero de Compilaci\u00f3n: R16NW.G955USQU5CRG3, Suplidor de Banda Base: Qualcomm Snapdragon 835, Banda Base: G955USQU5CRG3), Samsung Galaxy S3 (versi\u00f3n de Android: 4.3, N\u00famero de Compilaci\u00f3n: JSS15J.I9300XXUGND5, Suplidor de Banda Base: Samsung Exynos 4412, Banda Base: I9300XXUGNA8) y Samsung Galaxy Note 2 (versi\u00f3n de Android: 4.3, N\u00famero de Compilaci\u00f3n: JSS15J.I9300XUGND5, Suplidor de Banda Base: Samsung Exynos 4412, Banda Base: N7100DDUFND1), permiten a atacantes enviar comandos AT mediante Bluetooth, resultando en varios ataques de Denegaci\u00f3n de Servicio (DoS)."
}
],
"id": "CVE-2019-16400",
"lastModified": "2024-11-21T04:30:38.413",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-06T23:15:10.417",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.openconf.org/acsac2019/modules/request.php?module=oc_program\u0026action=summary.php\u0026id=210"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.openconf.org/acsac2019/modules/request.php?module=oc_program\u0026action=summary.php\u0026id=210"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-12-31 11:50
Modified
2024-11-21 01:46
Severity ?
Summary
The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices does not properly implement Location APIs, which allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | samsungdive | - | |
| samsung | galaxy_note_2 | - | |
| samsung | galaxy_s | - | |
| samsung | galaxy_s2 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:samsung:samsungdive:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A2FC077-4D6C-4342-9B7F-FE2AC47F736A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:samsung:galaxy_note_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C11A19CD-FAFE-45ED-A24C-72642C3ED565",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:samsung:galaxy_s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A60CAD7B-6A6C-4627-B999-AA442F210486",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:samsung:galaxy_s2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27B05798-6E5E-4DCD-810E-680DEB3BDE97",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices does not properly implement Location APIs, which allows physically proximate attackers to provide arbitrary location data via a \"commonly available simple GPS location spoofer.\""
},
{
"lang": "es",
"value": "La funci\u00f3n \"Track My Mobile\" en el subsistema SamsungDive para Android en los dispositivos Samsung Galaxy no implementa correctamente las APIs de localizaci\u00f3n, lo que permite a atacantes f\u00edsicamente pr\u00f3ximos proporcionar datos de localizaci\u00f3n de su elecci\u00f3n a trav\u00e9s de un \"sencillo spoofer de localizaci\u00f3n GPS com\u00fanmente disponible.\"\r\n"
}
],
"id": "CVE-2012-6334",
"lastModified": "2024-11-21T01:46:01.567",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-12-31T11:50:28.047",
"references": [
{
"source": "cve@mitre.org",
"url": "http://thehackernews.com/2012/12/manufacture-based-gps-tracking-services.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://thehackernews.com/2012/12/manufacture-based-gps-tracking-services.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-06 23:15
Modified
2024-11-21 04:30
Severity ?
Summary
Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: Qualcomm Snapdragon 835, Baseband: G955USQU5CRG3), Samsung Galaxy S3 (Android version: 4.3, Build Number: JSS15J.I9300XXUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: I9300XXUGNA8), and Samsung Galaxy Note 2 (Android version: 4.3, Build Number: JSS15J.I9300XUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: N7100DDUFND1) devices allow injection of AT+CIMI and AT+CGSN over Bluetooth, leaking sensitive information such as IMSI, IMEI, call status, call setup stage, internet service status, signal strength, current roaming status, battery level, and call held status.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | galaxy_s8_plus_firmware | - | |
| samsung | galaxy_s8_plus | - | |
| samsung | galaxy_s3_firmware | - | |
| samsung | galaxy_s3 | - | |
| samsung | galaxy_note_2_firmware | - | |
| samsung | galaxy_note_2 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:galaxy_s8_plus_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "357006C1-11B3-49D2-A8DE-03DF52501DC9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:samsung:galaxy_s8_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71B1548A-DF80-4530-8B0E-0B83D414AAD6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:galaxy_s3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E17ACF33-BA4B-4FD4-811F-4AD860C016E7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:samsung:galaxy_s3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5A294254-1687-4340-BF07-06373FBFC072",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:galaxy_note_2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9ABF64AC-AA4A-4108-86AF-C976CC2530EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:samsung:galaxy_note_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C11A19CD-FAFE-45ED-A24C-72642C3ED565",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: Qualcomm Snapdragon 835, Baseband: G955USQU5CRG3), Samsung Galaxy S3 (Android version: 4.3, Build Number: JSS15J.I9300XXUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: I9300XXUGNA8), and Samsung Galaxy Note 2 (Android version: 4.3, Build Number: JSS15J.I9300XUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: N7100DDUFND1) devices allow injection of AT+CIMI and AT+CGSN over Bluetooth, leaking sensitive information such as IMSI, IMEI, call status, call setup stage, internet service status, signal strength, current roaming status, battery level, and call held status."
},
{
"lang": "es",
"value": "Los dispositivos Samsung Galaxy S8 plus (versi\u00f3n de Android: 8.0.0, N\u00famero de Compilaci\u00f3n: R16NW.G955USQU5CRG3, Suplidor de Banda Base: Qualcomm Snapdragon 835, Banda Base: G955USQU5CRG3), Samsung Galaxy S3 (versi\u00f3n de Android: 4.3, N\u00famero de Compilaci\u00f3n: JSS15J.I9300XXUGND5, Suplidor de Banda Base: Samsung Exynos 4412, Banda Base: I9300XXUGNA8) y Samsung Galaxy Note 2 (versi\u00f3n de Android: 4.3, N\u00famero de Compilaci\u00f3n: JSS15J.I9300XUGND5, Suplidor de Banda Base: Samsung Exynos 4412, Banda Base: N7100DDUFND1), permiten la inyecci\u00f3n de AT+CIMI y AT+CGSN mediante Bluetooth, una filtrado de informaci\u00f3n confidencial, como IMSI, IMEI, estado de la llamada, etapa de configuraci\u00f3n de la llamada, estado del servicio de Internet, intensidad de la se\u00f1al, estado de roaming actual, nivel de bater\u00eda y estado de llamada retenida."
}
],
"id": "CVE-2019-16401",
"lastModified": "2024-11-21T04:30:38.557",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-06T23:15:10.463",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.openconf.org/acsac2019/modules/request.php?module=oc_program\u0026action=summary.php\u0026id=210"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.openconf.org/acsac2019/modules/request.php?module=oc_program\u0026action=summary.php\u0026id=210"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-12-31 11:50
Modified
2024-11-21 01:46
Severity ?
Summary
The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices shows the activation of remote tracking, which might allow physically proximate attackers to defeat a product-recovery effort by tampering with this feature or its location data.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | samsungdive | - | |
| samsung | galaxy_note_2 | - | |
| samsung | galaxy_s | - | |
| samsung | galaxy_s2 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:samsung:samsungdive:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A2FC077-4D6C-4342-9B7F-FE2AC47F736A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:samsung:galaxy_note_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C11A19CD-FAFE-45ED-A24C-72642C3ED565",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:samsung:galaxy_s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A60CAD7B-6A6C-4627-B999-AA442F210486",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:samsung:galaxy_s2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27B05798-6E5E-4DCD-810E-680DEB3BDE97",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices shows the activation of remote tracking, which might allow physically proximate attackers to defeat a product-recovery effort by tampering with this feature or its location data."
},
{
"lang": "es",
"value": "La funcionalidad Track My Mobile en el subsistema SamsungDive para Android en dispositivos Samsung Galaxy muestra la activaci\u00f3n de seguimiento a distancia, lo que podr\u00eda permitir a los atacantes f\u00edsicamente pr\u00f3ximos a vencer a un esfuerzo de recuperaci\u00f3n de producto mediante la manipulaci\u00f3n de esta funci\u00f3n o sus datos de localizaci\u00f3n."
}
],
"id": "CVE-2012-6337",
"lastModified": "2024-11-21T01:46:01.960",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-12-31T11:50:28.237",
"references": [
{
"source": "cve@mitre.org",
"url": "http://thehackernews.com/2012/12/manufacture-based-gps-tracking-services.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://thehackernews.com/2012/12/manufacture-based-gps-tracking-services.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-12-18 00:55
Modified
2024-11-21 01:46
Severity ?
Summary
The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly other Android devices, when running an Exynos 4210 or 4412 processor, uses weak permissions (0666) for /dev/exynos-mem, which allows attackers to read or write arbitrary physical memory and gain privileges via a crafted application, as demonstrated by ExynosAbuse.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:meizu:mx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8EBFA2B5-7276-4C8C-A2B2-FDD69CFBD623",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:samsung:galaxy_note_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C11A19CD-FAFE-45ED-A24C-72642C3ED565",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:samsung:galaxy_s2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27B05798-6E5E-4DCD-810E-680DEB3BDE97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly other Android devices, when running an Exynos 4210 or 4412 processor, uses weak permissions (0666) for /dev/exynos-mem, which allows attackers to read or write arbitrary physical memory and gain privileges via a crafted application, as demonstrated by ExynosAbuse."
},
{
"lang": "es",
"value": "El n\u00facleo en Samsung S2 Galaxy, Galaxy Note 2, Meizu MX, y posiblemente en otros dispositivos Android, cuando se ejecuta un procesador Exynos 4210 o 4412, utiliza permisos d\u00e9biles (0666) para /dev/exynos-mem, que permite a los atacantes leer o escribir en la memoria f\u00edsica arbitraria y obtener privilegios a trav\u00e9s de una aplicaci\u00f3n manipulada, como se demuestra por ExynosAbuse."
}
],
"id": "CVE-2012-6422",
"lastModified": "2024-11-21T01:46:05.800",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-12-18T00:55:04.197",
"references": [
{
"source": "cve@mitre.org",
"url": "http://arstechnica.com/security/2012/12/developer-warns-of-critical-vulnerability-in-many-samsung-smartphones/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://forum.xda-developers.com/showthread.php?p=35469999"
},
{
"source": "cve@mitre.org",
"url": "http://forum.xda-developers.com/showthread.php?t=2051290"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/88467"
},
{
"source": "cve@mitre.org",
"url": "http://project-voodoo.org/articles/instant-fix-app-for-exynos-mem-abuse-vulnerability-no-root-required-reversible"
},
{
"source": "cve@mitre.org",
"url": "http://www.sammobile.com/2012/12/16/major-vulnerability-found-on-exynos-4-devices/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityweek.com/new-vulnerability-exposed-samsungs-android-devices"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://arstechnica.com/security/2012/12/developer-warns-of-critical-vulnerability-in-many-samsung-smartphones/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://forum.xda-developers.com/showthread.php?p=35469999"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forum.xda-developers.com/showthread.php?t=2051290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/88467"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://project-voodoo.org/articles/instant-fix-app-for-exynos-mem-abuse-vulnerability-no-root-required-reversible"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.sammobile.com/2012/12/16/major-vulnerability-found-on-exynos-4-devices/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityweek.com/new-vulnerability-exposed-samsungs-android-devices"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2019-16400
Vulnerability from cvelistv5
Published
2019-11-06 22:12
Modified
2024-08-05 01:17
Severity ?
EPSS score ?
Summary
Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: Qualcomm Snapdragon 835, Baseband: G955USQU5CRG3), Samsung Galaxy S3 (Android version: 4.3, Build Number: JSS15J.I9300XXUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: I9300XXUGNA8), and Samsung Galaxy Note 2 (Android version: 4.3, Build Number: JSS15J.I9300XUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: N7100DDUFND1) devices allow attackers to send AT commands over Bluetooth, resulting in several Denial of Service (DoS) attacks.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.openconf.org/acsac2019/modules/request.php?module=oc_program&action=summary.php&id=210 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:17:39.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openconf.org/acsac2019/modules/request.php?module=oc_program\u0026action=summary.php\u0026id=210"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-11-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: Qualcomm Snapdragon 835, Baseband: G955USQU5CRG3), Samsung Galaxy S3 (Android version: 4.3, Build Number: JSS15J.I9300XXUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: I9300XXUGNA8), and Samsung Galaxy Note 2 (Android version: 4.3, Build Number: JSS15J.I9300XUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: N7100DDUFND1) devices allow attackers to send AT commands over Bluetooth, resulting in several Denial of Service (DoS) attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-06T22:12:26",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openconf.org/acsac2019/modules/request.php?module=oc_program\u0026action=summary.php\u0026id=210"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: Qualcomm Snapdragon 835, Baseband: G955USQU5CRG3), Samsung Galaxy S3 (Android version: 4.3, Build Number: JSS15J.I9300XXUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: I9300XXUGNA8), and Samsung Galaxy Note 2 (Android version: 4.3, Build Number: JSS15J.I9300XUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: N7100DDUFND1) devices allow attackers to send AT commands over Bluetooth, resulting in several Denial of Service (DoS) attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openconf.org/acsac2019/modules/request.php?module=oc_program\u0026action=summary.php\u0026id=210",
"refsource": "MISC",
"url": "https://www.openconf.org/acsac2019/modules/request.php?module=oc_program\u0026action=summary.php\u0026id=210"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16400",
"datePublished": "2019-11-06T22:12:26",
"dateReserved": "2019-09-18T00:00:00",
"dateUpdated": "2024-08-05T01:17:39.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-6422
Vulnerability from cvelistv5
Published
2012-12-18 00:00
Modified
2024-09-16 19:15
Severity ?
EPSS score ?
Summary
The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly other Android devices, when running an Exynos 4210 or 4412 processor, uses weak permissions (0666) for /dev/exynos-mem, which allows attackers to read or write arbitrary physical memory and gain privileges via a crafted application, as demonstrated by ExynosAbuse.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityweek.com/new-vulnerability-exposed-samsungs-android-devices | x_refsource_MISC | |
| http://project-voodoo.org/articles/instant-fix-app-for-exynos-mem-abuse-vulnerability-no-root-required-reversible | x_refsource_MISC | |
| http://forum.xda-developers.com/showthread.php?p=35469999 | x_refsource_MISC | |
| http://arstechnica.com/security/2012/12/developer-warns-of-critical-vulnerability-in-many-samsung-smartphones/ | x_refsource_MISC | |
| http://forum.xda-developers.com/showthread.php?t=2051290 | x_refsource_MISC | |
| http://www.sammobile.com/2012/12/16/major-vulnerability-found-on-exynos-4-devices/ | x_refsource_MISC | |
| http://osvdb.org/88467 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:39.788Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityweek.com/new-vulnerability-exposed-samsungs-android-devices"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://project-voodoo.org/articles/instant-fix-app-for-exynos-mem-abuse-vulnerability-no-root-required-reversible"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://forum.xda-developers.com/showthread.php?p=35469999"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://arstechnica.com/security/2012/12/developer-warns-of-critical-vulnerability-in-many-samsung-smartphones/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://forum.xda-developers.com/showthread.php?t=2051290"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.sammobile.com/2012/12/16/major-vulnerability-found-on-exynos-4-devices/"
},
{
"name": "88467",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/88467"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly other Android devices, when running an Exynos 4210 or 4412 processor, uses weak permissions (0666) for /dev/exynos-mem, which allows attackers to read or write arbitrary physical memory and gain privileges via a crafted application, as demonstrated by ExynosAbuse."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-12-18T00:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityweek.com/new-vulnerability-exposed-samsungs-android-devices"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://project-voodoo.org/articles/instant-fix-app-for-exynos-mem-abuse-vulnerability-no-root-required-reversible"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://forum.xda-developers.com/showthread.php?p=35469999"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://arstechnica.com/security/2012/12/developer-warns-of-critical-vulnerability-in-many-samsung-smartphones/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://forum.xda-developers.com/showthread.php?t=2051290"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.sammobile.com/2012/12/16/major-vulnerability-found-on-exynos-4-devices/"
},
{
"name": "88467",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/88467"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6422",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly other Android devices, when running an Exynos 4210 or 4412 processor, uses weak permissions (0666) for /dev/exynos-mem, which allows attackers to read or write arbitrary physical memory and gain privileges via a crafted application, as demonstrated by ExynosAbuse."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityweek.com/new-vulnerability-exposed-samsungs-android-devices",
"refsource": "MISC",
"url": "http://www.securityweek.com/new-vulnerability-exposed-samsungs-android-devices"
},
{
"name": "http://project-voodoo.org/articles/instant-fix-app-for-exynos-mem-abuse-vulnerability-no-root-required-reversible",
"refsource": "MISC",
"url": "http://project-voodoo.org/articles/instant-fix-app-for-exynos-mem-abuse-vulnerability-no-root-required-reversible"
},
{
"name": "http://forum.xda-developers.com/showthread.php?p=35469999",
"refsource": "MISC",
"url": "http://forum.xda-developers.com/showthread.php?p=35469999"
},
{
"name": "http://arstechnica.com/security/2012/12/developer-warns-of-critical-vulnerability-in-many-samsung-smartphones/",
"refsource": "MISC",
"url": "http://arstechnica.com/security/2012/12/developer-warns-of-critical-vulnerability-in-many-samsung-smartphones/"
},
{
"name": "http://forum.xda-developers.com/showthread.php?t=2051290",
"refsource": "MISC",
"url": "http://forum.xda-developers.com/showthread.php?t=2051290"
},
{
"name": "http://www.sammobile.com/2012/12/16/major-vulnerability-found-on-exynos-4-devices/",
"refsource": "MISC",
"url": "http://www.sammobile.com/2012/12/16/major-vulnerability-found-on-exynos-4-devices/"
},
{
"name": "88467",
"refsource": "OSVDB",
"url": "http://osvdb.org/88467"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6422",
"datePublished": "2012-12-18T00:00:00Z",
"dateReserved": "2012-12-17T00:00:00Z",
"dateUpdated": "2024-09-16T19:15:58.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-16401
Vulnerability from cvelistv5
Published
2019-11-06 22:14
Modified
2024-08-05 01:17
Severity ?
EPSS score ?
Summary
Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: Qualcomm Snapdragon 835, Baseband: G955USQU5CRG3), Samsung Galaxy S3 (Android version: 4.3, Build Number: JSS15J.I9300XXUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: I9300XXUGNA8), and Samsung Galaxy Note 2 (Android version: 4.3, Build Number: JSS15J.I9300XUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: N7100DDUFND1) devices allow injection of AT+CIMI and AT+CGSN over Bluetooth, leaking sensitive information such as IMSI, IMEI, call status, call setup stage, internet service status, signal strength, current roaming status, battery level, and call held status.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.openconf.org/acsac2019/modules/request.php?module=oc_program&action=summary.php&id=210 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:17:39.516Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openconf.org/acsac2019/modules/request.php?module=oc_program\u0026action=summary.php\u0026id=210"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-11-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: Qualcomm Snapdragon 835, Baseband: G955USQU5CRG3), Samsung Galaxy S3 (Android version: 4.3, Build Number: JSS15J.I9300XXUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: I9300XXUGNA8), and Samsung Galaxy Note 2 (Android version: 4.3, Build Number: JSS15J.I9300XUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: N7100DDUFND1) devices allow injection of AT+CIMI and AT+CGSN over Bluetooth, leaking sensitive information such as IMSI, IMEI, call status, call setup stage, internet service status, signal strength, current roaming status, battery level, and call held status."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-06T22:14:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openconf.org/acsac2019/modules/request.php?module=oc_program\u0026action=summary.php\u0026id=210"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16401",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: Qualcomm Snapdragon 835, Baseband: G955USQU5CRG3), Samsung Galaxy S3 (Android version: 4.3, Build Number: JSS15J.I9300XXUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: I9300XXUGNA8), and Samsung Galaxy Note 2 (Android version: 4.3, Build Number: JSS15J.I9300XUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: N7100DDUFND1) devices allow injection of AT+CIMI and AT+CGSN over Bluetooth, leaking sensitive information such as IMSI, IMEI, call status, call setup stage, internet service status, signal strength, current roaming status, battery level, and call held status."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openconf.org/acsac2019/modules/request.php?module=oc_program\u0026action=summary.php\u0026id=210",
"refsource": "MISC",
"url": "https://www.openconf.org/acsac2019/modules/request.php?module=oc_program\u0026action=summary.php\u0026id=210"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16401",
"datePublished": "2019-11-06T22:14:04",
"dateReserved": "2019-09-18T00:00:00",
"dateUpdated": "2024-08-05T01:17:39.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-6334
Vulnerability from cvelistv5
Published
2012-12-31 11:00
Modified
2024-09-16 17:28
Severity ?
EPSS score ?
Summary
The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices does not properly implement Location APIs, which allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer."
References
| ▼ | URL | Tags |
|---|---|---|
| http://thehackernews.com/2012/12/manufacture-based-gps-tracking-services.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:39.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://thehackernews.com/2012/12/manufacture-based-gps-tracking-services.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices does not properly implement Location APIs, which allows physically proximate attackers to provide arbitrary location data via a \"commonly available simple GPS location spoofer.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-12-31T11:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://thehackernews.com/2012/12/manufacture-based-gps-tracking-services.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices does not properly implement Location APIs, which allows physically proximate attackers to provide arbitrary location data via a \"commonly available simple GPS location spoofer.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://thehackernews.com/2012/12/manufacture-based-gps-tracking-services.html",
"refsource": "MISC",
"url": "http://thehackernews.com/2012/12/manufacture-based-gps-tracking-services.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6334",
"datePublished": "2012-12-31T11:00:00Z",
"dateReserved": "2012-12-13T00:00:00Z",
"dateUpdated": "2024-09-16T17:28:53.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-6337
Vulnerability from cvelistv5
Published
2012-12-31 11:00
Modified
2024-09-16 23:30
Severity ?
EPSS score ?
Summary
The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices shows the activation of remote tracking, which might allow physically proximate attackers to defeat a product-recovery effort by tampering with this feature or its location data.
References
| ▼ | URL | Tags |
|---|---|---|
| http://thehackernews.com/2012/12/manufacture-based-gps-tracking-services.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:39.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://thehackernews.com/2012/12/manufacture-based-gps-tracking-services.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices shows the activation of remote tracking, which might allow physically proximate attackers to defeat a product-recovery effort by tampering with this feature or its location data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-12-31T11:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://thehackernews.com/2012/12/manufacture-based-gps-tracking-services.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices shows the activation of remote tracking, which might allow physically proximate attackers to defeat a product-recovery effort by tampering with this feature or its location data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://thehackernews.com/2012/12/manufacture-based-gps-tracking-services.html",
"refsource": "MISC",
"url": "http://thehackernews.com/2012/12/manufacture-based-gps-tracking-services.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6337",
"datePublished": "2012-12-31T11:00:00Z",
"dateReserved": "2012-12-13T00:00:00Z",
"dateUpdated": "2024-09-16T23:30:49.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}