CVE-2018-16271

The wemail_consumer_service (from the built-in application wemail) in Samsung Galaxy Gear series allows an unprivileged process to manipulate a user's mailbox, due to improper D-Bus security policy configurations. An arbitrary email can also be sent from the mailbox via the paired smartphone. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:samsung:galaxy_gear_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:galaxy_gear:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:samsung:gear_2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:gear_2:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:samsung:gear_live_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:gear_live:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:samsung:gear_s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:gear_s:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:samsung:gear_s2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:gear_s2:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:samsung:gear_s3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:gear_s3:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:samsung:gear_sport_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:gear_sport:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:samsung:gear_fit_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:gear_fit:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:samsung:gear_fit_2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:gear_fit_2:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:samsung:gear_fit_2_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:gear_fit_2_pro:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-01-22 14:15

Updated : 2024-02-04 20:39


NVD link : CVE-2018-16271

Mitre link : CVE-2018-16271

CVE.ORG link : CVE-2018-16271


JSON object : View

Products Affected

samsung

  • gear_s3_firmware
  • gear_sport
  • gear_fit_2_firmware
  • gear_s_firmware
  • gear_live_firmware
  • gear_s2
  • gear_fit
  • gear_sport_firmware
  • galaxy_gear_firmware
  • gear_fit_firmware
  • gear_2_firmware
  • gear_fit_2
  • gear_s3
  • gear_live
  • gear_s2_firmware
  • gear_fit_2_pro_firmware
  • gear_fit_2_pro
  • galaxy_gear
  • gear_s
  • gear_2
CWE
CWE-269

Improper Privilege Management