Samsung Mobile Devices vulnerabilities

CVE-2022-33685 [MEDIUM] CWE-561 CVE-2022-33685: Unprotected dynamic receiver in Wearable Manager Service prior to SMR Jul-2022 Release 1 allows atta Unprotected dynamic receiver in Wearable Manager Service prior to SMR Jul-2022 Release 1 allows attacker to launch arbitray activity and access senstive information.

CVE-2022-30758 [MEDIUM] CWE-276 CVE-2022-30758: Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allow allows attac Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allow allows attackers to access some protected information with privilege of Finder.

CVE-2022-33702 [MEDIUM] CWE-285 CVE-2022-33702: Improper authorization vulnerability in Knoxguard prior to SMR Jul-2022 Release 1 allows local attac Improper authorization vulnerability in Knoxguard prior to SMR Jul-2022 Release 1 allows local attacker to disable keyguard and bypass Knoxguard lock by factory reset.

CVE-2022-33688 [LOW] CWE-532 CVE-2022-33688: Sensitive information exposure vulnerability in EventType in SecTelephonyProvider prior to SMR Jul-2 Sensitive information exposure vulnerability in EventType in SecTelephonyProvider prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log.

CVE-2022-33694 [LOW] CWE-213 CVE-2022-33694: Exposure of Sensitive Information in CSC application prior to SMR Jul-2022 Release 1 allows local at Exposure of Sensitive Information in CSC application prior to SMR Jul-2022 Release 1 allows local attacker to access wifi information via unprotected intent broadcasting.

CVE-2022-33692 [LOW] CWE-213 CVE-2022-33692: Exposure of Sensitive Information in Messaging application prior to SMR Jul-2022 Release 1 allows lo Exposure of Sensitive Information in Messaging application prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log.

CVE-2022-33693 [LOW] CWE-200 CVE-2022-33693: Exposure of Sensitive Information in CID Manager prior to SMR Jul-2022 Release 1 allows local attack Exposure of Sensitive Information in CID Manager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log.

CVE-2022-33698 [LOW] CWE-200 CVE-2022-33698: Exposure of Sensitive Information in Telecom application prior to SMR Jul-2022 Release 1 allows loca Exposure of Sensitive Information in Telecom application prior to SMR Jul-2022 Release 1 allows local attackers to access ICCID via log.

CVE-2022-33689 [LOW] CWE-287 CVE-2022-33689: Improper access control vulnerability in TelephonyUI prior to SMR Jul-2022 Release 1 allows attacker Improper access control vulnerability in TelephonyUI prior to SMR Jul-2022 Release 1 allows attackers to change preferred network type by unprotected binder call.

CVE-2022-30757 [LOW] CWE-285 CVE-2022-30757: Improper authorization in isemtelephony prior to SMR Jul-2022 Release 1 allows attacker to obtain CI Improper authorization in isemtelephony prior to SMR Jul-2022 Release 1 allows attacker to obtain CID without ACCESS_FINE_LOCATION permission.

CVE-2022-33701 [LOW] CWE-284 CVE-2022-33701: Improper access control vulnerability in KnoxCustomManagerService prior to SMR Jul-2022 Release 1 al Improper access control vulnerability in KnoxCustomManagerService prior to SMR Jul-2022 Release 1 allows attacker to call PowerManaer.goToSleep method which is protected by system permission by sending braodcast intent.

CVE-2022-30753 [LOW] CWE-200 CVE-2022-30753: Improper use of a unique device ID in unprotected SecSoterService prior to SMR Jul-2022 Release 1 al Improper use of a unique device ID in unprotected SecSoterService prior to SMR Jul-2022 Release 1 allows local attackers to get the device ID without permission.

CVE-2022-33699 [LOW] CWE-200 CVE-2022-33699: Exposure of Sensitive Information in getDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 al Exposure of Sensitive Information in getDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log.

CVE-2022-33687 [LOW] CWE-200 CVE-2022-33687: Exposure of Sensitive Information in telephony-common.jar prior to SMR Jul-2022 Release 1 allows loc Exposure of Sensitive Information in telephony-common.jar prior to SMR Jul-2022 Release 1 allows local attackers to access IMSI via log.

CVE-2022-33700 [LOW] CWE-200 CVE-2022-33700: Exposure of Sensitive Information in putDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 al Exposure of Sensitive Information in putDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log.

CVE-2022-33696 [LOW] CWE-213 CVE-2022-33696: Exposure of Sensitive Information in Telephony service prior to SMR Jul-2022 Release 1 allows local Exposure of Sensitive Information in Telephony service prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log.

CVE-2022-30752 [LOW] CWE-284 CVE-2022-30752: Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to S Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_STATE_CHANGED action.

CVE-2022-30751 [LOW] CWE-284 CVE-2022-30751: Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to S Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_DHCPACK_EVENT action.

CVE-2022-33686 [LOW] CWE-200 CVE-2022-33686: Exposure of Sensitive Information in GsmAlarmManager prior to SMR Jul-2022 Release 1 allows local at Exposure of Sensitive Information in GsmAlarmManager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log.

CVE-2022-33690 [LOW] CWE-20 CVE-2022-33690: Improper input validation in Contacts Storage prior to SMR Jul-2022 Release 1 allows attacker to acc Improper input validation in Contacts Storage prior to SMR Jul-2022 Release 1 allows attacker to access arbitrary file.