Описание
Samsung Galaxy Gear series before build RE2 includes the hcidump utility with no privilege or permission restriction. This allows an unprivileged process to dump Bluetooth HCI packets to an arbitrary file path.
Samsung Galaxy Gear series before build RE2 includes the hcidump utility with no privilege or permission restriction. This allows an unprivileged process to dump Bluetooth HCI packets to an arbitrary file path.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2018-16270
- https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf
- https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be
EPSS
Процентиль: 58%
0.0036
Низкий
CVE ID
Связанные уязвимости
CVSS3: 7.5
nvd
около 6 лет назад
Samsung Galaxy Gear series before build RE2 includes the hcidump utility with no privilege or permission restriction. This allows an unprivileged process to dump Bluetooth HCI packets to an arbitrary file path.
EPSS
Процентиль: 58%
0.0036
Низкий