CVE-2022-39858

CWE-22 — Path Traversal3 documents3 sources

Severity

7.8HIGH

EPSS

0.1%

top 79.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samsung Mobile Factorycamera Samsung Factorycamera

Timeline

PublishedOct 7

Description

Path traversal vulnerability in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to write arbitrary file as FactoryCamera privilege.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:LExploitability: 2.5 | Impact: 4.7

Affected Packages2 packages

▶NVDsamsung/factorycamera< 3.5.51

▶CVEListV5samsung_mobile/factorycameraunspecified — 3.5.51

🔴Vulnerability Details

GHSA

GHSA-m8hp-vh5f-j47f: Path traversal vulnerability in AtBroadcastReceiver in FactoryCamera prior to version 3↗2022-10-07

▶

CVEList

CVE-2022-39858: Path traversal vulnerability in AtBroadcastReceiver in FactoryCamera prior to version 3↗2022-10-07

▶