Details of VAR-202112-0549

ID

VAR-202112-0549

CVE

CVE-2021-25515

TITLE

Android Vulnerability in leaking resources to the wrong area in

Trust: 0.8

sources: JVNDB: JVNDB-2021-016952

DESCRIPTION

An improper usage of implicit intent in SemRewardManager prior to SMR Dec-2021 Release 1 allows attackers to access BSSID. Android Exists in a vulnerability related to the leakage of resources to the wrong area.Information may be obtained. Samsung SemRewardManager is an application for Samsung mobile devices. Samsung SemRewardManager has an information disclosure vulnerability. Attackers can exploit this vulnerability to access BSSID

Trust: 2.16

sources: NVD: CVE-2021-25515 // JVNDB: JVNDB-2021-016952 // CNVD: CNVD-2025-02724

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-02724

AFFECTED PRODUCTS

vendor:	google	model:	android	scope:	eq	version:	10.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	9.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	11.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	-	Trust: 0.8
vendor:	google	model:	android	scope:	-	version:	-	Trust: 0.8
vendor:	samsung	model:	mobile devices p	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices q	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices r	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-02724 // JVNDB: JVNDB-2021-016952 // NVD: CVE-2021-25515

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-25515
value:	LOW
Trust: 1.0
mobile.security@samsung.com:	CVE-2021-25515
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-25515
value:	LOW
Trust: 0.8
CNVD:	CNVD-2025-02724
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202112-654
value:	LOW
Trust: 0.6

nvd@nist.gov:	CVE-2021-25515
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2025-02724
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-25515
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.1
Trust: 1.0
mobile.security@samsung.com:	CVE-2021-25515
baseSeverity:	MEDIUM
baseScore:	4.0
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.5
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2021-25515
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-02724 // JVNDB: JVNDB-2021-016952 // CNNVD: CNNVD-202112-654 // NVD: CVE-2021-25515 // NVD: CVE-2021-25515

PROBLEMTYPE DATA

problemtype:	CWE-668	Trust: 1.0
problemtype:	CWE-269	Trust: 1.0
problemtype:	Leakage of resources to the wrong area (CWE-668) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-016952 // NVD: CVE-2021-25515

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202112-654

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202112-654

PATCH

title:	top page	url:	https://www.android.com/	Trust: 0.8
title:	Patch for Samsung SemRewardManager BSSID Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/354631	Trust: 0.6
title:	Samsung SMR Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=174854	Trust: 0.6

sources: CNVD: CNVD-2025-02724 // JVNDB: JVNDB-2021-016952 // CNNVD: CNNVD-202112-654

EXTERNAL IDS

db:	NVD	id:	CVE-2021-25515	Trust: 3.8
db:	JVNDB	id:	JVNDB-2021-016952	Trust: 0.8
db:	CNVD	id:	CNVD-2025-02724	Trust: 0.6
db:	CNNVD	id:	CNNVD-202112-654	Trust: 0.6

sources: CNVD: CNVD-2025-02724 // JVNDB: JVNDB-2021-016952 // CNNVD: CNNVD-202112-654 // NVD: CVE-2021-25515

REFERENCES

url:	https://security.samsungmobile.com/securityupdate.smsb?year=2021&month=12	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-25515	Trust: 2.0

sources: CNVD: CNVD-2025-02724 // JVNDB: JVNDB-2021-016952 // CNNVD: CNNVD-202112-654 // NVD: CVE-2021-25515

SOURCES

db:	CNVD	id:	CNVD-2025-02724
db:	JVNDB	id:	JVNDB-2021-016952
db:	CNNVD	id:	CNNVD-202112-654
db:	NVD	id:	CVE-2021-25515

LAST UPDATE DATE

2025-02-14T23:15:31.823000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-02724	date:	2025-02-12T00:00:00
db:	JVNDB	id:	JVNDB-2021-016952	date:	2022-12-27T05:17:00
db:	CNNVD	id:	CNNVD-202112-654	date:	2022-08-10T00:00:00
db:	NVD	id:	CVE-2021-25515	date:	2022-08-01T11:59:14.457

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-02724	date:	2025-02-12T00:00:00
db:	JVNDB	id:	JVNDB-2021-016952	date:	2022-12-27T00:00:00
db:	CNNVD	id:	CNNVD-202112-654	date:	2021-12-08T00:00:00
db:	NVD	id:	CVE-2021-25515	date:	2021-12-08T15:15:08.197