Samsung Wear Os vulnerabilities

CVE-2025-21045 [MEDIUM] CWE-922 CVE-2025-21045: Insecure storage of sensitive information in Galaxy Watch prior to SMR Oct-2025 Release 1 allows loc Insecure storage of sensitive information in Galaxy Watch prior to SMR Oct-2025 Release 1 allows local attackers to access sensitive information.

CVE-2025-20997 [MEDIUM] CVE-2025-20997: Incorrect default permission in Framework for Galaxy Watch prior to SMR Jul-2025 Release 1 allows lo Incorrect default permission in Framework for Galaxy Watch prior to SMR Jul-2025 Release 1 allows local attackers to reset some configuration of Galaxy Watch.

CVE-2025-21004 [MEDIUM] CWE-347 CVE-2025-21004: Improper verification of intent by broadcast receiver in System UI for Galaxy Watch prior to SMR Jul Improper verification of intent by broadcast receiver in System UI for Galaxy Watch prior to SMR Jul-2025 Release 1 allows local attackers to power off the device.

CVE-2025-20998 [MEDIUM] CVE-2025-20998: Improper access control in SamsungAccount for Galaxy Watch prior to SMR Jul-2025 Release 1 allows lo Improper access control in SamsungAccount for Galaxy Watch prior to SMR Jul-2025 Release 1 allows local attackers to access phone number.

CVE-2025-20984 [MEDIUM] CWE-276 CVE-2025-20984: Incorrect default permission in Samsung Cloud for Galaxy Watch prior to SMR Jun-2025 Release 1 allow Incorrect default permission in Samsung Cloud for Galaxy Watch prior to SMR Jun-2025 Release 1 allows local attackers to access data in Samsung Cloud for Galaxy Watch.

CVE-2025-20986 [MEDIUM] CVE-2025-20986: Improper access control in ScreenCapture for Galaxy Watch prior to SMR Jun-2025 Release 1 allows loc Improper access control in ScreenCapture for Galaxy Watch prior to SMR Jun-2025 Release 1 allows local attackers to take screenshots.

CVE-2025-20956 [MEDIUM] CVE-2025-20956: Improper export of android application components in Settings in Galaxy Watch prior to SMR May-2025 Improper export of android application components in Settings in Galaxy Watch prior to SMR May-2025 Release 1 allows physical attackers to access developer settings.

CVE-2025-20946 [HIGH] CVE-2025-20946: Improper handling of exceptional conditions in pairing specific bluetooth devices in Galaxy Watch Bl Improper handling of exceptional conditions in pairing specific bluetooth devices in Galaxy Watch Bluetooth pairing prior to SMR Apr-2025 Release 1 allows local attackers to pair with specific bluetooth devices without user interaction.

CVE-2025-20939 [MEDIUM] CVE-2025-20939: Improper authorization in wireless download protocol in Galaxy Watch prior to SMR Apr-2025 Release 1 Improper authorization in wireless download protocol in Galaxy Watch prior to SMR Apr-2025 Release 1 allows physical attackers to update device unique identifier of Watch devices.

CVE-2025-20945 [MEDIUM] CWE-922 CVE-2025-20945: Improper access control in Galaxy Watch prior to SMR Apr-2025 Release 1 allows local attackers to ac Improper access control in Galaxy Watch prior to SMR Apr-2025 Release 1 allows local attackers to access sensitive information of Galaxy watch.

CVE-2025-20910 [MEDIUM] CWE-276 CVE-2025-20910: Incorrect default permission in Galaxy Watch Gallery prior to SMR Mar-2025 Release 1 allows local at Incorrect default permission in Galaxy Watch Gallery prior to SMR Mar-2025 Release 1 allows local attackers to access data in Galaxy Watch Gallery.

CVE-2025-20911 [MEDIUM] CVE-2025-20911: Improper access control in sem_wifi service prior to SMR Mar-2025 Release 1 allows privileged local Improper access control in sem_wifi service prior to SMR Mar-2025 Release 1 allows privileged local attackers to update MAC address of Galaxy Watch.

CVE-2025-20912 [MEDIUM] CWE-922 CVE-2025-20912: Incorrect default permission in DiagMonAgent prior to SMR Mar-2025 Release 1 allows local attackers Incorrect default permission in DiagMonAgent prior to SMR Mar-2025 Release 1 allows local attackers to access data within Galaxy Watch.

CVE-2024-34613 [MEDIUM] CVE-2024-34613: Improper access control in Galaxy Watch prior to SMR Aug-2024 Release 1 allows local attackers to ac Improper access control in Galaxy Watch prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive information of Galaxy watch.

CVE-2022-24930 [MEDIUM] CWE-284 CVE-2022-24930: An Improper access control vulnerability in StRetailModeReceiver in Wear OS 3.0 prior to Firmware up An Improper access control vulnerability in StRetailModeReceiver in Wear OS 3.0 prior to Firmware update MAR-2022 Release allows untrusted applications to reset default app settings without a proper permission

CVE-2022-23996 [MEDIUM] CWE-284 CVE-2022-23996: Unprotected component vulnerability in StTheaterModeReceiver in Wear OS 3.0 prior to Firmware update Unprotected component vulnerability in StTheaterModeReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to enable bedtime mode without a proper permission.

CVE-2022-23995 [MEDIUM] CWE-284 CVE-2022-23995: Unprotected component vulnerability in StBedtimeModeAlarmReceiver in Wear OS 3.0 prior to Firmware u Unprotected component vulnerability in StBedtimeModeAlarmReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to change bedtime mode without a proper permission.

CVE-2022-23994 [LOW] CWE-284 CVE-2022-23994: An Improper access control vulnerability in StBedtimeModeReceiver in Wear OS 3.0 prior to Firmware u An Improper access control vulnerability in StBedtimeModeReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to change bedtime mode without a proper permission.

CVE-2022-23997 [MEDIUM] CWE-284 CVE-2022-23997: Unprotected component vulnerability in StTheaterModeDurationAlarmReceiver in Wear OS 3.0 prior to Fi Unprotected component vulnerability in StTheaterModeDurationAlarmReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to disable theater mode without a proper permission.