CVE-2022-33718 — Incorrect Authorization in Mobile Devices

CWE-863 — Incorrect Authorization3 documents3 sources

Severity

3.3LOWNVD

CNA6.2

EPSS

0.0%

top 95.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samsung Mobile Devices Google Android

Timeline

PublishedAug 5

Latest updateAug 6

Description

An improper access control vulnerability in Wi-Fi Service prior to SMR AUG-2022 Release 1 allows untrusted applications to manipulate the list of apps that can use mobile data.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5samsung_mobile/samsung_mobile_devicesQ(10), R(11), S(12) — SMR Aug-2022 Release 1

▶NVDgoogle/android10.0, 11.0, 12.0+2

🔴Vulnerability Details

GHSA

GHSA-2xrq-fg58-79g9: An improper access control vulnerability in Wi-Fi Service prior to SMR AUG-2022 Release 1 allows untrusted applications to manipulate the list of apps↗2022-08-06

▶

CVEList

CVE-2022-33718: An improper access control vulnerability in Wi-Fi Service prior to SMR AUG-2022 Release 1 allows untrusted applications to manipulate the list of apps↗2022-08-05

▶