CVE-2018-16270
published 2020-01-22CVE-2018-16270: Samsung Galaxy Gear series before build RE2 includes the hcidump utility with no privilege or permission restriction. This allows an unprivileged process to…
high7.5CVSS 3.1
AVNACLPRNUINSUCNIHAN
Samsung Galaxy Gear series before build RE2 includes the hcidump utility with no privilege or permission restriction. This allows an unprivileged process to dump Bluetooth HCI packets to an arbitrary file path.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| samsung | galaxy_gear_firmware | < re2 | re2 |
| samsung | gear_2_firmware | < re2 | re2 |
| samsung | gear_fit_2_firmware | < re2 | re2 |
| samsung | gear_fit_2_pro_firmware | < re2 | re2 |
| samsung | gear_fit_firmware | < re2 | re2 |
| samsung | gear_live_firmware | < re2 | re2 |
| samsung | gear_s2_firmware | < re2 | re2 |
| samsung | gear_s3_firmware | < re2 | re2 |
| samsung | gear_s_firmware | < re2 | re2 |
| samsung | gear_sport_firmware | < re2 | re2 |