Vulnerabilities (CVE)

Filtered by vendor Samsung Subscribe
Filtered by product Gear S3
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-25424 1 Samsung 18 Galaxy Watch, Galaxy Watch 3, Galaxy Watch 3 Firmware and 15 more 2024-02-04 5.8 MEDIUM 8.8 HIGH
Improper authentication vulnerability in Tizen bluetooth-frwk prior to Firmware update JUN-2021 Release allows bluetooth attacker to take over the user's bluetooth device without user awareness.
CVE-2018-16272 1 Samsung 20 Galaxy Gear, Galaxy Gear Firmware, Gear 2 and 17 more 2024-02-04 7.5 HIGH 9.8 CRITICAL
The wpa_supplicant system service in Samsung Galaxy Gear series allows an unprivileged process to fully control the Wi-Fi interface, due to the lack of its D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
CVE-2018-16271 1 Samsung 20 Galaxy Gear, Galaxy Gear Firmware, Gear 2 and 17 more 2024-02-04 3.3 LOW 6.5 MEDIUM
The wemail_consumer_service (from the built-in application wemail) in Samsung Galaxy Gear series allows an unprivileged process to manipulate a user's mailbox, due to improper D-Bus security policy configurations. An arbitrary email can also be sent from the mailbox via the paired smartphone. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
CVE-2018-16269 1 Samsung 20 Galaxy Gear, Galaxy Gear Firmware, Gear 2 and 17 more 2024-02-04 5.0 MEDIUM 7.5 HIGH
The wnoti system service in Samsung Galaxy Gear series allows an unprivileged process to take over the internal notification message data, due to improper D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
CVE-2018-16270 1 Samsung 20 Galaxy Gear, Galaxy Gear Firmware, Gear 2 and 17 more 2024-02-04 5.0 MEDIUM 7.5 HIGH
Samsung Galaxy Gear series before build RE2 includes the hcidump utility with no privilege or permission restriction. This allows an unprivileged process to dump Bluetooth HCI packets to an arbitrary file path.
CVE-2017-17860 2 Google, Samsung 3 Android, Gear S2, Gear S3 2024-02-04 5.7 MEDIUM 5.7 MEDIUM
In Samsung Gear products, Bluetooth link key is updated to the different key which is same with attacker's link key. It can be attacked without user's intention only if attacker can reveal the Bluetooth address of target device and paired user's smartphone