CVE-2018-16270
Summary
| CVE | CVE-2018-16270 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-01-22 14:15:00 UTC |
| Updated | 2020-01-30 17:48:00 UTC |
| Description | Samsung Galaxy Gear series before build RE2 includes the hcidump utility with no privilege or permission restriction. This allows an unprivileged process to dump Bluetooth HCI packets to an arbitrary file path. |
Risk And Classification
Problem Types: CWE-269
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Samsung | Galaxy Gear | - | All | All | All |
| Operating System | Samsung | Galaxy Gear Firmware | All | All | All | All |
| Hardware | Samsung | Gear 2 | - | All | All | All |
| Operating System | Samsung | Gear 2 Firmware | All | All | All | All |
| Hardware | Samsung | Gear Fit | - | All | All | All |
| Hardware | Samsung | Gear Fit 2 | - | All | All | All |
| Operating System | Samsung | Gear Fit 2 Firmware | All | All | All | All |
| Hardware | Samsung | Gear Fit 2 Pro | - | All | All | All |
| Operating System | Samsung | Gear Fit 2 Pro Firmware | All | All | All | All |
| Operating System | Samsung | Gear Fit Firmware | All | All | All | All |
| Hardware | Samsung | Gear Live | - | All | All | All |
| Operating System | Samsung | Gear Live Firmware | All | All | All | All |
| Hardware | Samsung | Gear S | - | All | All | All |
| Hardware | Samsung | Gear S2 | - | All | All | All |
| Operating System | Samsung | Gear S2 Firmware | All | All | All | All |
| Hardware | Samsung | Gear S3 | - | All | All | All |
| Operating System | Samsung | Gear S3 Firmware | All | All | All | All |
| Hardware | Samsung | Gear Sport | - | All | All | All |
| Operating System | Samsung | Gear Sport Firmware | All | All | All | All |
| Operating System | Samsung | Gear S Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| DEF CON 26 - Kim and Choi - Your Watch Can Watch You! Pitfalls in the Samsung Gear Smartwatch - YouTube | MISC | www.youtube.com | Exploit, Third Party Advisory |
| media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%... | MISC | media.defcon.org | Exploit, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.