ID
VAR-202106-1625
CVE
CVE-2021-25423
TITLE
Watch Active2 Vulnerability regarding information leakage from log files in plugins
Trust: 0.8
sources:
JVNDB: JVNDB-2021-007931
DESCRIPTION
Improper log management vulnerability in Watch Active2 PlugIn prior to 2.2.08.21033151 version allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone via log. Samsung Watch Active2 is a smart watch produced by South Korea's Samsung (Samsung) company
Trust: 2.16
sources:
NVD: CVE-2021-25423 //
JVNDB: JVNDB-2021-007931 //
CNVD: CNVD-2021-44282
IOT TAXONOMY
| category: | ['IoT'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2021-44282
AFFECTED PRODUCTS
| vendor: | samsung | model: | watch active2 plugin | scope: | lt | version: | 2.2.08.21033151 | Trust: 1.6 |
| vendor: | サムスン | model: | watch active2 プラグイン | scope: | eq | version: | watch active2 plugin 2.2.08.21033151 | Trust: 0.8 |
| vendor: | サムスン | model: | watch active2 プラグイン | scope: | eq | version: | - | Trust: 0.8 |
sources:
CNVD: CNVD-2021-44282 //
JVNDB: JVNDB-2021-007931 //
NVD: CVE-2021-25423
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
CNVD: CNVD-2021-44282 //
JVNDB: JVNDB-2021-007931 //
CNNVD: CNNVD-202106-949 //
NVD: CVE-2021-25423
PROBLEMTYPE DATA
| problemtype: | CWE-779 | Trust: 1.0 |
| problemtype: | CWE-532 | Trust: 1.0 |
| problemtype: | Information leakage from log files (CWE-532) [NVD Evaluation ] | Trust: 0.8 |
sources:
JVNDB: JVNDB-2021-007931 //
NVD: CVE-2021-25423
THREAT TYPE
local
Trust: 0.6
sources:
CNNVD: CNNVD-202106-949
TYPE
log information leak
Trust: 0.6
sources:
CNNVD: CNNVD-202106-949
PATCH
| title: | Security Updates (JUN-2021 Updates) | url: | https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=6 | Trust: 0.8 |
| title: | Patch for Samsung Watch Active2 PlugIn has an unspecified vulnerability (CNVD-2021-44282) | url: | https://www.cnvd.org.cn/patchInfo/show/274571 | Trust: 0.6 |
| title: | Samsung Watch Active2 PlugIn Repair measures for log information disclosure vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155277 | Trust: 0.6 |
sources:
CNVD: CNVD-2021-44282 //
JVNDB: JVNDB-2021-007931 //
CNNVD: CNNVD-202106-949
EXTERNAL IDS
| db: | NVD | id: | CVE-2021-25423 | Trust: 3.8 |
| db: | JVNDB | id: | JVNDB-2021-007931 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2021-44282 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202106-949 | Trust: 0.6 |
sources:
CNVD: CNVD-2021-44282 //
JVNDB: JVNDB-2021-007931 //
CNNVD: CNNVD-202106-949 //
NVD: CVE-2021-25423
REFERENCES
| url: | https://security.samsungmobile.com/serviceweb.smsb?year=2021&month=6 | Trust: 1.6 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2021-25423 | Trust: 0.8 |
sources:
JVNDB: JVNDB-2021-007931 //
CNNVD: CNNVD-202106-949 //
NVD: CVE-2021-25423
SOURCES
| db: | CNVD | id: | CNVD-2021-44282 |
| db: | JVNDB | id: | JVNDB-2021-007931 |
| db: | CNNVD | id: | CNNVD-202106-949 |
| db: | NVD | id: | CVE-2021-25423 |
LAST UPDATE DATE
2024-08-14T14:55:55.488000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2021-44282 | date: | 2021-06-23T00:00:00 |
| db: | JVNDB | id: | JVNDB-2021-007931 | date: | 2022-02-28T05:49:00 |
| db: | CNNVD | id: | CNNVD-202106-949 | date: | 2021-06-28T00:00:00 |
| db: | NVD | id: | CVE-2021-25423 | date: | 2021-06-17T14:44:11.030 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2021-44282 | date: | 2021-06-23T00:00:00 |
| db: | JVNDB | id: | JVNDB-2021-007931 | date: | 2022-02-28T00:00:00 |
| db: | CNNVD | id: | CNNVD-202106-949 | date: | 2021-06-11T00:00:00 |
| db: | NVD | id: | CVE-2021-25423 | date: | 2021-06-11T15:15:10.900 |