var-202207-0777
Vulnerability from variot
Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_DHCPACK_EVENT action. Samsung Mobile devices is a series of Samsung mobile devices of South Korea's Samsung (SAMSUNG) company, including mobile phones, tablets, etc.
There is an access control vulnerability in Samsung Mobile devices SemWifiApClient. The vulnerability stems from improper access control in the sendDHCPACKBroadcast function of SemWifiApClient
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202207-0777", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "android", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "12.0" }, { "model": "android", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "10.0" }, { "model": "android", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "11.0" }, { "model": "q", "scope": null, "trust": 0.6, "vendor": "samsung", "version": null }, { "model": "r", "scope": null, "trust": 0.6, "vendor": "samsung", "version": null }, { "model": "s", "scope": null, "trust": 0.6, "vendor": "samsung", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-65120" }, { "db": "NVD", "id": "CVE-2022-30751" } ] }, "cve": "CVE-2022-30751", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CVE-2022-30751", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 1.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CNVD-2022-65120", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.8, "id": "CVE-2022-30751", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "mobile.security@samsung.com", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.8, "id": "CVE-2022-30751", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2022-30751", "trust": 1.0, "value": "LOW" }, { "author": "mobile.security@samsung.com", "id": "CVE-2022-30751", "trust": 1.0, "value": "LOW" }, { "author": "CNVD", "id": "CNVD-2022-65120", "trust": 0.6, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202207-1050", "trust": 0.6, "value": "LOW" }, { "author": "VULMON", "id": "CVE-2022-30751", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-65120" }, { "db": "VULMON", "id": "CVE-2022-30751" }, { "db": "CNNVD", "id": "CNNVD-202207-1050" }, { "db": "NVD", "id": "CVE-2022-30751" }, { "db": "NVD", "id": "CVE-2022-30751" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_DHCPACK_EVENT action. Samsung Mobile devices is a series of Samsung mobile devices of South Korea\u0027s Samsung (SAMSUNG) company, including mobile phones, tablets, etc. \n\r\n\r\nThere is an access control vulnerability in Samsung Mobile devices SemWifiApClient. The vulnerability stems from improper access control in the sendDHCPACKBroadcast function of SemWifiApClient", "sources": [ { "db": "NVD", "id": "CVE-2022-30751" }, { "db": "CNVD", "id": "CNVD-2022-65120" }, { "db": "VULMON", "id": "CVE-2022-30751" } ], "trust": 1.53 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-30751", "trust": 2.3 }, { "db": "CNVD", "id": "CNVD-2022-65120", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202207-1050", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-30751", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-65120" }, { "db": "VULMON", "id": "CVE-2022-30751" }, { "db": "CNNVD", "id": "CNNVD-202207-1050" }, { "db": "NVD", "id": "CVE-2022-30751" } ] }, "id": "VAR-202207-0777", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2022-65120" } ], "trust": 1.6 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "IoT" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-65120" } ] }, "last_update_date": "2024-08-14T14:24:40.708000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Samsung Mobile devices SemWifiApClient Access Control Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/352616" }, { "title": "SAMSUNG Mobile devices SemWifiApClient Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=200422" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-65120" }, { "db": "CNNVD", "id": "CNNVD-202207-1050" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "CWE-284", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2022-30751" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://security.samsungmobile.com/securityupdate.smsb?year=2022\u0026month=7" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30751" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-30751/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/668.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-65120" }, { "db": "VULMON", "id": "CVE-2022-30751" }, { "db": "CNNVD", "id": "CNNVD-202207-1050" }, { "db": "NVD", "id": "CVE-2022-30751" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2022-65120" }, { "db": "VULMON", "id": "CVE-2022-30751" }, { "db": "CNNVD", "id": "CNNVD-202207-1050" }, { "db": "NVD", "id": "CVE-2022-30751" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-09-23T00:00:00", "db": "CNVD", "id": "CNVD-2022-65120" }, { "date": "2022-07-12T00:00:00", "db": "VULMON", "id": "CVE-2022-30751" }, { "date": "2022-07-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202207-1050" }, { "date": "2022-07-12T14:15:15.967000", "db": "NVD", "id": "CVE-2022-30751" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-09-22T00:00:00", "db": "CNVD", "id": "CNVD-2022-65120" }, { "date": "2022-07-16T00:00:00", "db": "VULMON", "id": "CVE-2022-30751" }, { "date": "2023-07-24T00:00:00", "db": "CNNVD", "id": "CNNVD-202207-1050" }, { "date": "2023-07-21T17:07:00.337000", "db": "NVD", "id": "CVE-2022-30751" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202207-1050" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Samsung Mobile devices SemWifiApClient Access Control Vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2022-65120" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202207-1050" } ], "trust": 0.6 } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.