Details of VAR-202203-1033

ID

VAR-202203-1033

CVE

CVE-2022-25826

TITLE

Samsung's Android for Galaxy Watch3 Information disclosure vulnerability in plug-in

Trust: 0.8

sources: JVNDB: JVNDB-2022-006688

DESCRIPTION

Information Exposure vulnerability in Galaxy S3 Plugin prior to version 2.2.03.22012751 allows attacker to access password information of connected WiFiAp in the log. Samsung's Android for Galaxy Watch3 The plugin contains an information disclosure vulnerability.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2022-25826 // JVNDB: JVNDB-2022-006688

AFFECTED PRODUCTS

vendor:	samsung	model:	galaxy watch 3 plugin	scope:	lt	version:	2.2.03.22012751	Trust: 1.0
vendor:	サムスン	model:	galaxy watch3 プラグイン	scope:	eq	version:	galaxy watch3 plugin 2.2.03.22012751	Trust: 0.8
vendor:	サムスン	model:	galaxy watch3 プラグイン	scope:	-	version:	-	Trust: 0.8
vendor:	サムスン	model:	galaxy watch3 プラグイン	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-006688 // NVD: CVE-2022-25826

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-25826
value:	LOW
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-25826
value:	LOW
Trust: 1.0
NVD:	CVE-2022-25826
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-202203-856
value:	LOW
Trust: 0.6

nvd@nist.gov:	CVE-2022-25826
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2022-25826
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.1
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-25826
baseSeverity:	LOW
baseScore:	1.9
vectorString:	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.5
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2022-25826
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-006688 // CNNVD: CNNVD-202203-856 // NVD: CVE-2022-25826 // NVD: CVE-2022-25826

PROBLEMTYPE DATA

problemtype:	CWE-532	Trust: 1.0
problemtype:	CWE-200	Trust: 1.0
problemtype:	information leak (CWE-200) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-006688 // NVD: CVE-2022-25826

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202203-856

TYPE

log information leak

Trust: 0.6

sources: CNNVD: CNNVD-202203-856

PATCH

title:

Samsung Galaxy S3 Plugin Repair measures for log information disclosure vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=245130

Trust: 0.6

sources: CNNVD: CNNVD-202203-856

EXTERNAL IDS

db:	NVD	id:	CVE-2022-25826	Trust: 3.2
db:	JVNDB	id:	JVNDB-2022-006688	Trust: 0.8
db:	CNNVD	id:	CNNVD-202203-856	Trust: 0.6

sources: JVNDB: JVNDB-2022-006688 // CNNVD: CNNVD-202203-856 // NVD: CVE-2022-25826

REFERENCES

url:	https://security.samsungmobile.com/serviceweb.smsb?year=2022&month=3	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25826	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-25826/	Trust: 0.6

sources: JVNDB: JVNDB-2022-006688 // CNNVD: CNNVD-202203-856 // NVD: CVE-2022-25826

SOURCES

db:	JVNDB	id:	JVNDB-2022-006688
db:	CNNVD	id:	CNNVD-202203-856
db:	NVD	id:	CVE-2022-25826

LAST UPDATE DATE

2024-11-23T23:00:53.121000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2022-006688	date:	2023-07-07T08:26:00
db:	CNNVD	id:	CNNVD-202203-856	date:	2023-07-11T00:00:00
db:	NVD	id:	CVE-2022-25826	date:	2024-11-21T06:53:04.430

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2022-006688	date:	2023-07-07T00:00:00
db:	CNNVD	id:	CNNVD-202203-856	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2022-25826	date:	2022-03-10T17:47:24.277