CVE-2021-25421

CWE-779CWE-532Log File Information Exposure3 documents3 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 73.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Samsung Mobile Galaxy Watch3 PluginSamsung Galaxy Watch 3 Plugin
Timeline
PublishedJun 11
Latest updateMay 24

Description

Improper log management vulnerability in Galaxy Watch3 PlugIn prior to version 2.2.09.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDsamsung/galaxy_watch_3_plugin< 2.2.09.21033151
CVEListV5samsung_mobile/galaxy_watch3_pluginunspecified2.2.09.21033151

🔴Vulnerability Details

2
GHSA
GHSA-8gp7-gq2p-694f: Improper log management vulnerability in Galaxy Watch3 PlugIn prior to version 22022-05-24
CVEList
CVE-2021-25421: Improper log management vulnerability in Galaxy Watch3 PlugIn prior to version 22021-06-11
CVE-2021-25421 (MEDIUM CVSS 5.5) | Improper log management vulnerabili | cvebase.io