CVE-2018-16269
Summary
| CVE | CVE-2018-16269 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-01-22 13:15:00 UTC |
| Updated | 2020-01-30 17:40:00 UTC |
| Description | The wnoti system service in Samsung Galaxy Gear series allows an unprivileged process to take over the internal notification message data, due to improper D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. |
Risk And Classification
Problem Types: CWE-200
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Samsung | Galaxy Gear | - | All | All | All |
| Hardware | Samsung | Galaxy Gear | - | All | All | All |
| Operating System | Samsung | Galaxy Gear Firmware | All | All | All | All |
| Operating System | Samsung | Galaxy Gear Firmware | All | All | All | All |
| Hardware | Samsung | Gear 2 | - | All | All | All |
| Hardware | Samsung | Gear 2 | - | All | All | All |
| Operating System | Samsung | Gear 2 Firmware | All | All | All | All |
| Operating System | Samsung | Gear 2 Firmware | All | All | All | All |
| Hardware | Samsung | Gear Fit | - | All | All | All |
| Hardware | Samsung | Gear Fit | - | All | All | All |
| Hardware | Samsung | Gear Fit 2 | - | All | All | All |
| Hardware | Samsung | Gear Fit 2 | - | All | All | All |
| Operating System | Samsung | Gear Fit 2 Firmware | All | All | All | All |
| Operating System | Samsung | Gear Fit 2 Firmware | All | All | All | All |
| Hardware | Samsung | Gear Fit 2 Pro | - | All | All | All |
| Hardware | Samsung | Gear Fit 2 Pro | - | All | All | All |
| Operating System | Samsung | Gear Fit 2 Pro Firmware | All | All | All | All |
| Operating System | Samsung | Gear Fit 2 Pro Firmware | All | All | All | All |
| Operating System | Samsung | Gear Fit Firmware | All | All | All | All |
| Operating System | Samsung | Gear Fit Firmware | All | All | All | All |
| Hardware | Samsung | Gear Live | - | All | All | All |
| Hardware | Samsung | Gear Live | - | All | All | All |
| Operating System | Samsung | Gear Live Firmware | All | All | All | All |
| Operating System | Samsung | Gear Live Firmware | All | All | All | All |
| Hardware | Samsung | Gear S | - | All | All | All |
| Hardware | Samsung | Gear S | - | All | All | All |
| Hardware | Samsung | Gear S2 | - | All | All | All |
| Hardware | Samsung | Gear S2 | - | All | All | All |
| Operating System | Samsung | Gear S2 Firmware | All | All | All | All |
| Operating System | Samsung | Gear S2 Firmware | All | All | All | All |
| Hardware | Samsung | Gear S3 | - | All | All | All |
| Hardware | Samsung | Gear S3 | - | All | All | All |
| Operating System | Samsung | Gear S3 Firmware | All | All | All | All |
| Operating System | Samsung | Gear S3 Firmware | All | All | All | All |
| Hardware | Samsung | Gear Sport | - | All | All | All |
| Hardware | Samsung | Gear Sport | - | All | All | All |
| Operating System | Samsung | Gear Sport Firmware | All | All | All | All |
| Operating System | Samsung | Gear Sport Firmware | All | All | All | All |
| Operating System | Samsung | Gear S Firmware | All | All | All | All |
| Operating System | Samsung | Gear S Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| DEF CON 26 - Kim and Choi - Your Watch Can Watch You! Pitfalls in the Samsung Gear Smartwatch - YouTube | MISC | www.youtube.com | Exploit, Third Party Advisory |
| media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%... | MISC | media.defcon.org | Exploit, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.