CVE-2021-25424 — Improper Authentication in Mobile Tizen Wearable Devices

CWE-287 — Improper Authentication3 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.2%

top 55.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samsung Mobile Tizen Wearable Devices Samsung Galaxy Watch 3 Firmware Samsung Galaxy Watch Active 2 Firmware +7 more

Timeline

PublishedJun 11

Latest updateMay 24

Description

Improper authentication vulnerability in Tizen bluetooth-frwk prior to Firmware update JUN-2021 Release allows bluetooth attacker to take over the user's bluetooth device without user awareness.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages10 packages

▶CVEListV5samsung_mobile/tizen_wearable_devices5.5 — Firmware update JUN-2021 Release

▶NVDsamsung/gear_2_firmware< 5.5

▶NVDsamsung/gear_s_firmware< 5.5

▶NVDsamsung/gear_s2_firmware< 5.5

▶NVDsamsung/gear_s3_firmware< 5.5

🔴Vulnerability Details

GHSA

GHSA-f9wq-7pg8-8r2r: Improper authentication vulnerability in Tizen bluetooth-frwk prior to Firmware update JUN-2021 Release allows bluetooth attacker to take over the use↗2022-05-24

▶

CVEList

CVE-2021-25424: Improper authentication vulnerability in Tizen bluetooth-frwk prior to Firmware update JUN-2021 Release allows bluetooth attacker to take over the use↗2021-06-11

▶