Samsung Galaxy Watch Plugin vulnerabilities

CVE-2022-36873 [MEDIUM] CWE-20 CVE-2022-36873: Improper restriction of broadcasting Intent in GalaxyStoreBridgePageLinker of?Waterplugin prior to v Improper restriction of broadcasting Intent in GalaxyStoreBridgePageLinker of?Waterplugin prior to version 2.2.11.22081151 leaks MAC address of the connected Bluetooth device.

CVE-2022-36875 [MEDIUM] CWE-284 CVE-2022-36875: Improper restriction of broadcasting Intent in SaWebViewRelayActivity of?Waterplugin prior to versio Improper restriction of broadcasting Intent in SaWebViewRelayActivity of?Waterplugin prior to version 2.2.11.22081151 allows attacker to access the file without permission.

CVE-2022-36874 [MEDIUM] CWE-280 CVE-2022-36874: Improper Handling of Insufficient Permissions or Privileges vulnerability in Waterplugin prior to 2. Improper Handling of Insufficient Permissions or Privileges vulnerability in Waterplugin prior to 2.2.11.22040751 allows attacker to access device IMEI and Serial number.

CVE-2022-25823 [LOW] CWE-200 CVE-2022-25823: Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.220126741 allows a Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.220126741 allows attackers to access user information in log.

CVE-2022-25827 [LOW] CWE-200 CVE-2022-25827: Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.22012751 allows at Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.22012751 allows attacker to access password information of connected WiFiAp in the log

CVE-2021-25420 [MEDIUM] CWE-779 CVE-2021-25420: Improper log management vulnerability in Galaxy Watch PlugIn prior to version 2.2.05.21033151 allows Improper log management vulnerability in Galaxy Watch PlugIn prior to version 2.2.05.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.