CVE-2018-16271
Severity CVSS v4.0:
Pending analysis
Type:
CWE-269
Improper Privilege Management
Publication date:
22/01/2020
Last modified:
30/01/2020
Description
The wemail_consumer_service (from the built-in application wemail) in Samsung Galaxy Gear series allows an unprivileged process to manipulate a user's mailbox, due to improper D-Bus security policy configurations. An arbitrary email can also be sent from the mailbox via the paired smartphone. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Base Score 2.0
3.30
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:samsung:galaxy_gear_firmware:*:*:*:*:*:*:*:* | re2 (excluding) | |
| cpe:2.3:h:samsung:galaxy_gear:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:samsung:gear_2_firmware:*:*:*:*:*:*:*:* | re2 (excluding) | |
| cpe:2.3:h:samsung:gear_2:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:samsung:gear_live_firmware:*:*:*:*:*:*:*:* | re2 (excluding) | |
| cpe:2.3:h:samsung:gear_live:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:samsung:gear_s_firmware:*:*:*:*:*:*:*:* | re2 (excluding) | |
| cpe:2.3:h:samsung:gear_s:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:samsung:gear_s2_firmware:*:*:*:*:*:*:*:* | re2 (excluding) | |
| cpe:2.3:h:samsung:gear_s2:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:samsung:gear_s3_firmware:*:*:*:*:*:*:*:* | re2 (excluding) | |
| cpe:2.3:h:samsung:gear_s3:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:samsung:gear_sport_firmware:*:*:*:*:*:*:*:* | re2 (excluding) | |
| cpe:2.3:h:samsung:gear_sport:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:samsung:gear_fit_firmware:*:*:*:*:*:*:*:* | re2 (excluding) |
To consult the complete list of CPE names with products and versions, see this page