CVE-2018-16270

Samsung Galaxy Gear series before build RE2 includes the hcidump utility with no privilege or permission restriction. This allows an unprivileged process to dump Bluetooth HCI packets to an arbitrary file path.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:samsung:galaxy_gear_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:galaxy_gear:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:samsung:gear_2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:gear_2:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:samsung:gear_live_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:gear_live:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:samsung:gear_s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:gear_s:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:samsung:gear_s2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:gear_s2:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:samsung:gear_s3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:gear_s3:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:samsung:gear_sport_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:gear_sport:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:samsung:gear_fit_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:gear_fit:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:samsung:gear_fit_2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:gear_fit_2:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:samsung:gear_fit_2_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:gear_fit_2_pro:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-01-22 14:15

Updated : 2024-02-04 20:39


NVD link : CVE-2018-16270

Mitre link : CVE-2018-16270

CVE.ORG link : CVE-2018-16270


JSON object : View

Products Affected

samsung

  • gear_s3_firmware
  • gear_sport
  • gear_fit_2_firmware
  • gear_s_firmware
  • gear_live_firmware
  • gear_s2
  • gear_fit
  • gear_sport_firmware
  • galaxy_gear_firmware
  • gear_fit_firmware
  • gear_2_firmware
  • gear_fit_2
  • gear_s3
  • gear_live
  • gear_s2_firmware
  • gear_fit_2_pro_firmware
  • gear_fit_2_pro
  • galaxy_gear
  • gear_s
  • gear_2
CWE
CWE-269

Improper Privilege Management