CVE-2022-24930

CWE-284Improper Access ControlCWE-863Incorrect Authorization3 documents3 sources
Severity
3.3LOW
EPSS
0.2%
top 60.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Samsung Mobile Samsung Wearable DevicesSamsung Wear OS
Timeline
PublishedMar 10
Latest updateMar 11

Description

An Improper access control vulnerability in StRetailModeReceiver in Wear OS 3.0 prior to Firmware update MAR-2022 Release allows untrusted applications to reset default app settings without a proper permission

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 1.8 | Impact: 2.5

Affected Packages2 packages

CVEListV5samsung_mobile/samsung_wearable_devicesWear OS 3.0Firmware update Mar-2022 Release

🔴Vulnerability Details

2
GHSA
GHSA-p5c4-8m5x-vh8p: An Improper access control vulnerability in StRetailModeReceiver in Wear OS 32022-03-11
CVEList
CVE-2022-24930: An Improper access control vulnerability in StRetailModeReceiver in Wear OS 32022-03-08
CVE-2022-24930 (LOW CVSS 3.3) | An Improper access control vulnerab | cvebase.io