CVE-2018-16270
Severity
7.5 HIGH
EPSS
0.4%
top 41.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 22
Latest update: May 24
Description
Samsung Galaxy Gear series before build RE2 includes the hcidump utility with no privilege or permission restriction. This allows an unprivileged process to dump Bluetooth HCI packets to an arbitrary file path.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 | Impact: 3.6
Affected Packages: 10 packages
Vulnerability Details (2)
GHSA
GHSA-fwf5-32xc-rx62: Samsung Galaxy Gear series before build RE2 includes the hcidump utility with no privilege or permission restriction (2022-05-24)
CVEList
CVE-2018-16270: Samsung Galaxy Gear series before build RE2 includes the hcidump utility with no privilege or permission restriction (2020-01-22)