CVE-2022-36874Improper Handling of Insufficient Permissions or Privileges in Mobile Waterplugin

CWE-280Improper Handling of Insufficient Permissions or PrivilegesCWE-755Improper Handling of Exceptional Conditions5 documents4 sources
Severity
6.2MEDIUMNVD
CNA5.9
EPSS
0.0%
top 86.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Samsung Mobile WaterpluginSamsung Galaxy Watch Plugin
Timeline
PublishedSep 9
Latest updateSep 10

Description

Improper Handling of Insufficient Permissions or Privileges vulnerability in Waterplugin prior to 2.2.11.22040751 allows attacker to access device IMEI and Serial number.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.5 | Impact: 3.6

Affected Packages2 packages

CVEListV5samsung_mobile/waterpluginunspecified2.2.11.22040751
NVDsamsung/galaxy_watch_plugin< 2.2.11.22040751

🔴Vulnerability Details

2
GHSA
GHSA-v4fr-g7jw-v8qx: Improper Handling of Insufficient Permissions or Privileges vulnerability in Waterplugin prior to 22022-09-10
CVEList
CVE-2022-36874: Improper Handling of Insufficient Permissions or Privileges vulnerability in Waterplugin prior to 22022-09-09
CVE-2022-36874 — Mobile Waterplugin vulnerability | cvebase