CVE-2018-16269

CWE-200 — Information Exposure3 documents3 sources

Severity

7.5HIGH

EPSS

0.4%

top 39.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samsung Galaxy Gear Firmware Samsung Gear 2 Firmware Samsung Gear FIT 2 Firmware +7 more

Timeline

PublishedJan 22

Latest updateMay 24

Description

The wnoti system service in Samsung Galaxy Gear series allows an unprivileged process to take over the internal notification message data, due to improper D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages10 packages

▶NVDsamsung/galaxy_gear_firmware< re2

▶NVDsamsung/gear_2_firmware< re2

▶NVDsamsung/gear_s_firmware< re2

▶NVDsamsung/gear_s2_firmware< re2

▶NVDsamsung/gear_s3_firmware< re2

🔴Vulnerability Details

GHSA

GHSA-4jwq-xq2h-426q: The wnoti system service in Samsung Galaxy Gear series allows an unprivileged process to take over the internal notification message data, due to impr↗2022-05-24

▶

CVEList

CVE-2018-16269: The wnoti system service in Samsung Galaxy Gear series allows an unprivileged process to take over the internal notification message data, due to impr↗2020-01-22

▶