CVE-2021-25420

Severity
5.5 MEDIUM
EPSS
0.1%
top 73.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jun 11
Latest update: May 24

Description

Improper log management vulnerability in Galaxy Watch PlugIn prior to version 2.2.05.21033151 allows an attacker with log permissions to leak, from the log, the password of the Wi-Fi network connected to the user's smartphone.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 | Impact: 3.6

Affected Packages (2 packages)

NVD: samsung/galaxy_watch_plugin < 2.2.05.21033151
CVEListV5: samsung_mobile/galaxy_watch_plugin, unspecified, 2.2.05.21033151

Vulnerability Details (2)

GHSA
GHSA-g6hg-4jxh-87cr: Improper log management vulnerability in Galaxy Watch PlugIn prior to version 2 (2022-05-24)
CVEList
CVE-2021-25420: Improper log management vulnerability in Galaxy Watch PlugIn prior to version 2 (2021-06-11)