cbcvebase.

Samsung Mobile Devices vulnerabilities

374 known vulnerabilities affecting samsung_mobile/samsung_mobile_devices.

Total CVEs
374
CISA KEV
11
actively exploited
Public exploits
0
Exploited in wild
11
Severity breakdown
CRITICAL37HIGH100MEDIUM142LOW95

Vulnerabilities

Page 16 of 19
CVE-2022-30751P4LOWCVSS 3.3≥ Q(10), R(11), S(12), < SMR Jul-2022 Release 12022-07-12
CVE-2022-30751 [LOW] CWE-284 CVE-2022-30751: Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to S Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_DHCPACK_EVENT action.
nvd
CVE-2022-30750P4LOWCVSS 3.3≥ Q(10), R(11), S(12), < SMR Jul-2022 Release 12022-07-12
CVE-2022-30750 [LOW] CWE-284 CVE-2022-30750: Improper access control vulnerability in updateLastConnectedClientInfo function of SemWifiApClient p Improper access control vulnerability in updateLastConnectedClientInfo function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected.
nvd
CVE-2022-33722P4LOWCVSS 3.3≥ Q(10), R(11), S(12), < SMR Aug-2022 Release 12022-08-05
CVE-2022-33722 [LOW] CWE-285 CVE-2022-33722: Implicit Intent hijacking vulnerability in Smart View prior to SMR Aug-2022 Release 1 allows attacke Implicit Intent hijacking vulnerability in Smart View prior to SMR Aug-2022 Release 1 allows attacker to access connected device MAC address.
nvd
CVE-2022-33714P4LOWCVSS 3.3≥ Q(10), R(11), S(12), < SMR Aug-2022 Release 12022-08-05
CVE-2022-33714 [LOW] CWE-284 CVE-2022-33714: Improper access control vulnerability in SemWifiApBroadcastReceiver prior to SMR Aug-2022 Release 1 Improper access control vulnerability in SemWifiApBroadcastReceiver prior to SMR Aug-2022 Release 1 allows attacker to reset a setting value related to mobile hotspot.
nvd
CVE-2022-39896P4LOWCVSS 3.3≥ Q(10), R(11), S(12), < SMR Dec-2022 Release 12022-12-08
CVE-2022-39896 [LOW] CWE-284 CVE-2022-39896: Improper access control vulnerabilities in Contacts prior to SMR Dec-2022 Release 1 allows to access Improper access control vulnerabilities in Contacts prior to SMR Dec-2022 Release 1 allows to access sensitive information via implicit intent.
nvd
CVE-2022-36856P4LOWCVSS 3.3≥ S(12), < SMR Sep-2022 Release 12022-09-09
CVE-2022-36856 [LOW] CWE-284 CVE-2022-36856: Improper access control vulnerability in Telecom application prior to SMR Sep-2022 Release 1 allows Improper access control vulnerability in Telecom application prior to SMR Sep-2022 Release 1 allows attacker to start emergency calls via undefined permission.
nvd
CVE-2022-39894P4LOWCVSS 3.3≥ Q(10), R(11), S(12), < SMR Dec-2022 Release 12022-12-08
CVE-2022-39894 [LOW] CWE-284 CVE-2022-39894: Improper access control vulnerability in ContactListStartActivityHelper in Phone prior to SMR Dec-20 Improper access control vulnerability in ContactListStartActivityHelper in Phone prior to SMR Dec-2022 Release 1 allows to access sensitive information via implicit intent.
nvd
CVE-2022-39887P4LOWCVSS 3.3≥ Q(10), R(11), S(12), < SMR Nov-2022 Release 12022-11-09
CVE-2022-39887 [LOW] CWE-284 CVE-2022-39887: Improper access control vulnerability in clearAllGlobalProxy in MiscPolicy prior to SMR Nov-2022 Rel Improper access control vulnerability in clearAllGlobalProxy in MiscPolicy prior to SMR Nov-2022 Release 1 allows local attacker to configure EDM setting.
nvd
CVE-2022-39849P4LOWCVSS 3.3≥ S(12), < SMR Oct-2022 Release 12022-10-07
CVE-2022-39849 [LOW] CWE-284 CVE-2022-39849: Improper access control in knox_vpn_policy service prior to SMR Oct-2022 Release 1 allows allows una Improper access control in knox_vpn_policy service prior to SMR Oct-2022 Release 1 allows allows unauthorized read of configuration data.
nvd
CVE-2022-39850P4LOWCVSS 3.3≥ Q(10), R(11), S(12), < SMR Oct-2022 Release 12022-10-07
CVE-2022-39850 [LOW] CWE-284 CVE-2022-39850: Improper access control in mum_container_policy service prior to SMR Oct-2022 Release 1 allows allow Improper access control in mum_container_policy service prior to SMR Oct-2022 Release 1 allows allows unauthorized read of configuration data.
nvd
CVE-2023-21512P4LOWCVSS 3.3≥ Android 11, 12, 13, < SMR Jun-2023 Release 12023-06-28
CVE-2023-21512 [LOW] CWE-269 CVE-2023-21512: Improper Knox ID validation logic in notification framework prior to SMR Jun-2023 Release 1 allows l Improper Knox ID validation logic in notification framework prior to SMR Jun-2023 Release 1 allows local attackers to read work profile notifications without proper access permission.
nvd
CVE-2023-21487P4LOWCVSS 3.3≥ Android 11, 12, 13, < SMR May-2023 Release 12023-05-04
CVE-2023-21487 [LOW] CWE-287 CVE-2023-21487: Improper access control vulnerability in Telephony framework prior to SMR May-2023 Release 1 allows Improper access control vulnerability in Telephony framework prior to SMR May-2023 Release 1 allows local attackers to change a call setting.
nvd
CVE-2021-25364P4LOWCVSS 3.3≥ R(11.0), < SMR APR-2021 Release 12021-04-09
CVE-2021-25364 [LOW] CWE-200 CVE-2021-25364: A pendingIntent hijacking vulnerability in Secure Folder prior to SMR APR-2021 Release 1 allows unpr A pendingIntent hijacking vulnerability in Secure Folder prior to SMR APR-2021 Release 1 allows unprivileged applications to access contact information.
nvd
CVE-2022-36868P4LOWCVSS 3.3≥ R(11), S(12), < SMR Oct-2022 Release 12022-10-07
CVE-2022-36868 [LOW] CWE-20 CVE-2022-36868: Improper restriction of broadcasting Intent in MouseNKeyHidDevice prior to SMR Oct-2022 Release 1 le Improper restriction of broadcasting Intent in MouseNKeyHidDevice prior to SMR Oct-2022 Release 1 leaks MAC address of the connected Bluetooth device.
nvd
CVE-2022-23999P4LOWCVSS 3.3≥ Q(10), R(11), S(12), < SMR Feb-2022 Release 12022-02-11
CVE-2022-23999 [LOW] CWE-20 CVE-2022-23999: PendingIntent hijacking vulnerability in CpaReceiver prior to SMR Feb-2022 Release 1 allows local at PendingIntent hijacking vulnerability in CpaReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent.
nvd
CVE-2022-24000P4LOWCVSS 3.3≥ Q(10), R(11), S(12), < SMR Feb-2022 Release 12022-02-11
CVE-2022-24000 [LOW] CWE-20 CVE-2022-24000: PendingIntent hijacking vulnerability in DataUsageReminderReceiver prior to SMR Feb-2022 Release 1 a PendingIntent hijacking vulnerability in DataUsageReminderReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent.
nvd
CVE-2022-39904P4LOWCVSS 3.3≥ Q(10), R(11), S(12), < SMR Dec-2022 Release 12022-12-08
CVE-2022-39904 [LOW] CWE-200 CVE-2022-39904: Exposure of Sensitive Information vulnerability in Samsung Settings prior to SMR Dec-2022 Release 1 Exposure of Sensitive Information vulnerability in Samsung Settings prior to SMR Dec-2022 Release 1 allows local attackers to access the Network Access Identifier via log.
nvd
CVE-2022-22266P4LOWCVSS 3.3≥ P(9.0), Q(10.0), R(11.0), < SMR Jan-2022 Release 12022-01-10
CVE-2022-22266 [LOW] CWE-269 CVE-2022-22266: (Applicable to China models only) Unprotected WifiEvaluationService in TencentWifiSecurity applicati (Applicable to China models only) Unprotected WifiEvaluationService in TencentWifiSecurity application prior to SMR Jan-2022 Release 1 allows untrusted applications to get WiFi information without proper permission.
nvd
CVE-2022-22269P4LOWCVSS 3.3≥ P(9.0), Q(10.0), R(11.0), < SMR Jan-2022 Release 12022-01-10
CVE-2022-22269 [LOW] CWE-285 CVE-2022-22269: Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allo Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allows untrusted applications to get a local Bluetooth MAC address.
nvd
CVE-2022-39906P4LOWCVSS 3.3≥ Q(10), R(11), S(12), T(13), < SMR Dec-2022 Release 12022-12-08
CVE-2022-39906 [LOW] CWE-284 CVE-2022-39906: Improper access control vulnerability in SecTelephonyProvider prior to SMR Dec-2022 Release 1 allows Improper access control vulnerability in SecTelephonyProvider prior to SMR Dec-2022 Release 1 allows attackers to access message information.
nvd
Samsung Mobile Devices vulnerabilities | cvebase