Details of VAR-202201-1693

ID

VAR-202201-1693

CVE

CVE-2022-22266

TITLE

Android Vulnerability in privilege management in

Trust: 0.8

sources: JVNDB: JVNDB-2022-002962

DESCRIPTION

(Applicable to China models only) Unprotected WifiEvaluationService in TencentWifiSecurity application prior to SMR Jan-2022 Release 1 allows untrusted applications to get WiFi information without proper permission. Android Exists in a permission management vulnerability.Information may be obtained. Samsung TencentWifiSecurity service is a Tencent WiFi full service used by Samsung mobile devices. Samsung TencentWifiSecurity service has an information leakage vulnerability. The vulnerability is caused by the unprotected WifiEvaluationService in TencentWifiSecurity service. Attackers can exploit this vulnerability to obtain WiFi information without permission

Trust: 2.25

sources: NVD: CVE-2022-22266 // JVNDB: JVNDB-2022-002962 // CNVD: CNVD-2025-02603 // VULMON: CVE-2022-22266

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-02603

AFFECTED PRODUCTS

vendor:	google	model:	android	scope:	eq	version:	11.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	10.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	9.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	-	Trust: 0.8
vendor:	google	model:	android	scope:	-	version:	-	Trust: 0.8
vendor:	samsung	model:	mobile devices p	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices q	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices r	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-02603 // JVNDB: JVNDB-2022-002962 // NVD: CVE-2022-22266

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-22266
value:	LOW
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-22266
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-22266
value:	LOW
Trust: 0.8
CNVD:	CNVD-2025-02603
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202201-615
value:	LOW
Trust: 0.6
VULMON:	CVE-2022-22266
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2022-22266
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2025-02603
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-22266
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.1
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-22266
baseSeverity:	MEDIUM
baseScore:	4.0
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.5
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2022-22266
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-02603 // VULMON: CVE-2022-22266 // JVNDB: JVNDB-2022-002962 // CNNVD: CNNVD-202201-615 // NVD: CVE-2022-22266 // NVD: CVE-2022-22266

PROBLEMTYPE DATA

problemtype:	CWE-269	Trust: 1.0
problemtype:	Improper authority management (CWE-269) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-002962 // NVD: CVE-2022-22266

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202201-615

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202201-615

PATCH

title:	top page	url:	https://www.android.com/	Trust: 0.8
title:	Patch for Samsung TencentWifiSecurity service information leakage vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/355531	Trust: 0.6
title:	Samsung SMR Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=178082	Trust: 0.6
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: CNVD: CNVD-2025-02603 // VULMON: CVE-2022-22266 // JVNDB: JVNDB-2022-002962 // CNNVD: CNNVD-202201-615

EXTERNAL IDS

db:	NVD	id:	CVE-2022-22266	Trust: 3.9
db:	JVNDB	id:	JVNDB-2022-002962	Trust: 0.8
db:	CNVD	id:	CNVD-2025-02603	Trust: 0.6
db:	CNNVD	id:	CNNVD-202201-615	Trust: 0.6
db:	VULMON	id:	CVE-2022-22266	Trust: 0.1

sources: CNVD: CNVD-2025-02603 // VULMON: CVE-2022-22266 // JVNDB: JVNDB-2022-002962 // CNNVD: CNNVD-202201-615 // NVD: CVE-2022-22266

REFERENCES

url:	https://security.samsungmobile.com/securityupdate.smsb?year=2022&month=1	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22266	Trust: 2.0
url:	https://cwe.mitre.org/data/definitions/269.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/alphabugx/cve-2022-23305	Trust: 0.1

sources: CNVD: CNVD-2025-02603 // VULMON: CVE-2022-22266 // JVNDB: JVNDB-2022-002962 // CNNVD: CNNVD-202201-615 // NVD: CVE-2022-22266

SOURCES

db:	CNVD	id:	CNVD-2025-02603
db:	VULMON	id:	CVE-2022-22266
db:	JVNDB	id:	JVNDB-2022-002962
db:	CNNVD	id:	CNNVD-202201-615
db:	NVD	id:	CVE-2022-22266

LAST UPDATE DATE

2025-02-10T23:39:58.077000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-02603	date:	2025-02-08T00:00:00
db:	VULMON	id:	CVE-2022-22266	date:	2022-01-14T00:00:00
db:	JVNDB	id:	JVNDB-2022-002962	date:	2023-01-31T06:18:00
db:	CNNVD	id:	CNNVD-202201-615	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2022-22266	date:	2024-11-21T06:46:31.290

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-02603	date:	2025-02-08T00:00:00
db:	VULMON	id:	CVE-2022-22266	date:	2022-01-10T00:00:00
db:	JVNDB	id:	JVNDB-2022-002962	date:	2023-01-31T00:00:00
db:	CNNVD	id:	CNNVD-202201-615	date:	2022-01-10T00:00:00
db:	NVD	id:	CVE-2022-22266	date:	2022-01-10T14:12:37.133