Details of VAR-202201-1694

ID

VAR-202201-1694

CVE

CVE-2022-22264

TITLE

Android Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-002960

DESCRIPTION

Improper sanitization of incoming intent in Dressroom prior to SMR Jan-2022 Release 1 allows local attackers to read and write arbitrary files without permission. Android There is an input validation vulnerability in.Information may be obtained and information may be tampered with. Samsung Mobile is a mobile phone produced by Samsung of South Korea. Samsung Mobile DressRoom has an arbitrary file access vulnerability. The vulnerability is caused by incorrect cleaning of the incoming intent in Dressroom

Trust: 2.25

sources: NVD: CVE-2022-22264 // JVNDB: JVNDB-2022-002960 // CNVD: CNVD-2025-02715 // VULMON: CVE-2022-22264

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-02715

AFFECTED PRODUCTS

vendor:	google	model:	android	scope:	eq	version:	12.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	11.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	10.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	-	Trust: 0.8
vendor:	google	model:	android	scope:	-	version:	-	Trust: 0.8
vendor:	samsung	model:	q	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	dressroom r	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	s	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-02715 // JVNDB: JVNDB-2022-002960 // NVD: CVE-2022-22264

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-22264
value:	HIGH
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-22264
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-22264
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-02715
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202201-613
value:	HIGH
Trust: 0.6
VULMON:	CVE-2022-22264
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2022-22264
severity:	LOW
baseScore:	3.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2025-02715
severity:	LOW
baseScore:	3.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-22264
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	5.2
version:	3.1
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-22264
baseSeverity:	HIGH
baseScore:	7.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.5
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2022-22264
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-02715 // VULMON: CVE-2022-22264 // JVNDB: JVNDB-2022-002960 // CNNVD: CNNVD-202201-613 // NVD: CVE-2022-22264 // NVD: CVE-2022-22264

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.0
problemtype:	Inappropriate input confirmation (CWE-20) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-002960 // NVD: CVE-2022-22264

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202201-613

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202201-613

PATCH

title:	top page	url:	https://www.android.com/	Trust: 0.8
title:	Patch for Samsung Mobile DressRoom Arbitrary File Access Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/353916	Trust: 0.6
title:	Samsung Mobile Device Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=178080	Trust: 0.6
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: CNVD: CNVD-2025-02715 // VULMON: CVE-2022-22264 // JVNDB: JVNDB-2022-002960 // CNNVD: CNNVD-202201-613

EXTERNAL IDS

db:	NVD	id:	CVE-2022-22264	Trust: 3.9
db:	JVNDB	id:	JVNDB-2022-002960	Trust: 0.8
db:	CNVD	id:	CNVD-2025-02715	Trust: 0.6
db:	CNNVD	id:	CNNVD-202201-613	Trust: 0.6
db:	VULMON	id:	CVE-2022-22264	Trust: 0.1

sources: CNVD: CNVD-2025-02715 // VULMON: CVE-2022-22264 // JVNDB: JVNDB-2022-002960 // CNNVD: CNNVD-202201-613 // NVD: CVE-2022-22264

REFERENCES

url:	https://security.samsungmobile.com/securityupdate.smsb?year=2022&month=1	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22264	Trust: 2.0
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/alphabugx/cve-2022-23305	Trust: 0.1

sources: CNVD: CNVD-2025-02715 // VULMON: CVE-2022-22264 // JVNDB: JVNDB-2022-002960 // CNNVD: CNNVD-202201-613 // NVD: CVE-2022-22264

SOURCES

db:	CNVD	id:	CNVD-2025-02715
db:	VULMON	id:	CVE-2022-22264
db:	JVNDB	id:	JVNDB-2022-002960
db:	CNNVD	id:	CNNVD-202201-613
db:	NVD	id:	CVE-2022-22264

LAST UPDATE DATE

2025-02-14T23:13:39.985000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-02715	date:	2025-02-12T00:00:00
db:	VULMON	id:	CVE-2022-22264	date:	2022-01-14T00:00:00
db:	JVNDB	id:	JVNDB-2022-002960	date:	2023-01-31T06:14:00
db:	CNNVD	id:	CNNVD-202201-613	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2022-22264	date:	2024-11-21T06:46:31.050

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-02715	date:	2025-02-11T00:00:00
db:	VULMON	id:	CVE-2022-22264	date:	2022-01-10T00:00:00
db:	JVNDB	id:	JVNDB-2022-002960	date:	2023-01-31T00:00:00
db:	CNNVD	id:	CNNVD-202201-613	date:	2022-01-10T00:00:00
db:	NVD	id:	CVE-2022-22264	date:	2022-01-10T14:12:34.870