Search criteria
9 vulnerabilities found for factorycamera by samsung
VAR-202204-1229
Vulnerability from variot - Updated: 2024-11-23 22:57Improper access control vulnerability in FactoryCamera prior to version 2.1.96 allows attacker to access the file with system privilege
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202204-1229",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "factorycamera",
"scope": "lt",
"trust": 1.0,
"vendor": "samsung",
"version": "2.1.96"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-27838"
}
]
},
"cve": "CVE-2022-27838",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-27838",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-418509",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-27838",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "mobile.security@samsung.com",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.5,
"id": "CVE-2022-27838",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-27838",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "mobile.security@samsung.com",
"id": "CVE-2022-27838",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202204-2896",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-418509",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2022-27838",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-418509"
},
{
"db": "VULMON",
"id": "CVE-2022-27838"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2896"
},
{
"db": "NVD",
"id": "CVE-2022-27838"
},
{
"db": "NVD",
"id": "CVE-2022-27838"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper access control vulnerability in FactoryCamera prior to version 2.1.96 allows attacker to access the file with system privilege",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-27838"
},
{
"db": "VULHUB",
"id": "VHN-418509"
},
{
"db": "VULMON",
"id": "CVE-2022-27838"
}
],
"trust": 1.08
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-27838",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2896",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-418509",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-27838",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-418509"
},
{
"db": "VULMON",
"id": "CVE-2022-27838"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2896"
},
{
"db": "NVD",
"id": "CVE-2022-27838"
}
]
},
"id": "VAR-202204-1229",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-418509"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:57:45.371000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Samsung FactoryCameraFB Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=190086"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-2896"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-863",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-418509"
},
{
"db": "NVD",
"id": "CVE-2022-27838"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://security.samsungmobile.com/serviceweb.smsb?year=2022\u0026month=4"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-27838/"
},
{
"trust": 0.1,
"url": "https://security.samsungmobile.com/serviceweb.smsb?year=2022\u0026amp;month=4"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/863.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-418509"
},
{
"db": "VULMON",
"id": "CVE-2022-27838"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2896"
},
{
"db": "NVD",
"id": "CVE-2022-27838"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-418509"
},
{
"db": "VULMON",
"id": "CVE-2022-27838"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2896"
},
{
"db": "NVD",
"id": "CVE-2022-27838"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-11T00:00:00",
"db": "VULHUB",
"id": "VHN-418509"
},
{
"date": "2022-04-11T00:00:00",
"db": "VULMON",
"id": "CVE-2022-27838"
},
{
"date": "2022-04-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-2896"
},
{
"date": "2022-04-11T20:15:23.047000",
"db": "NVD",
"id": "CVE-2022-27838"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-19T00:00:00",
"db": "VULHUB",
"id": "VHN-418509"
},
{
"date": "2022-04-19T00:00:00",
"db": "VULMON",
"id": "CVE-2022-27838"
},
{
"date": "2023-06-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-2896"
},
{
"date": "2024-11-21T06:56:17.540000",
"db": "NVD",
"id": "CVE-2022-27838"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-2896"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Samsung FactoryCameraFB Security hole",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-2896"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-2896"
}
],
"trust": 0.6
}
}
VAR-202210-0161
Vulnerability from variot - Updated: 2024-08-14 14:49Path traversal vulnerability in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to write arbitrary file as FactoryCamera privilege. Samsung's factorycamera Exists in a past traversal vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-0161",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "factorycamera",
"scope": "lt",
"trust": 1.0,
"vendor": "samsung",
"version": "3.5.51"
},
{
"model": "factorycamera",
"scope": null,
"trust": 0.8,
"vendor": "\u30b5\u30e0\u30b9\u30f3",
"version": null
},
{
"model": "factorycamera",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b5\u30e0\u30b9\u30f3",
"version": "3.5.51"
},
{
"model": "factorycamera",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b5\u30e0\u30b9\u30f3",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018341"
},
{
"db": "NVD",
"id": "CVE-2022-39858"
}
]
},
"cve": "CVE-2022-39858",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-39858",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "mobile.security@samsung.com",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.5,
"id": "CVE-2022-39858",
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-39858",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-39858",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "mobile.security@samsung.com",
"id": "CVE-2022-39858",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-39858",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-289",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018341"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-289"
},
{
"db": "NVD",
"id": "CVE-2022-39858"
},
{
"db": "NVD",
"id": "CVE-2022-39858"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Path traversal vulnerability in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to write arbitrary file as FactoryCamera privilege. Samsung\u0027s factorycamera Exists in a past traversal vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-39858"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018341"
},
{
"db": "VULHUB",
"id": "VHN-435645"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-39858",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018341",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-289",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-435645",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-435645"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018341"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-289"
},
{
"db": "NVD",
"id": "CVE-2022-39858"
}
]
},
"id": "VAR-202210-0161",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-435645"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:49:33.233000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SAMSUNG Mobile devices Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=209929"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-289"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.1
},
{
"problemtype": "Path traversal (CWE-22) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-435645"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018341"
},
{
"db": "NVD",
"id": "CVE-2022-39858"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://security.samsungmobile.com/serviceweb.smsb?year=2022\u0026month=10"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-39858"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-39858/"
},
{
"trust": 0.1,
"url": "https://security.samsungmobile.com/serviceweb.smsb?year=2022\u0026amp;month=10"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-435645"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018341"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-289"
},
{
"db": "NVD",
"id": "CVE-2022-39858"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-435645"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018341"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-289"
},
{
"db": "NVD",
"id": "CVE-2022-39858"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-07T00:00:00",
"db": "VULHUB",
"id": "VHN-435645"
},
{
"date": "2023-10-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-018341"
},
{
"date": "2022-10-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-289"
},
{
"date": "2022-10-07T15:15:20.810000",
"db": "NVD",
"id": "CVE-2022-39858"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-07T00:00:00",
"db": "VULHUB",
"id": "VHN-435645"
},
{
"date": "2023-10-19T08:30:00",
"db": "JVNDB",
"id": "JVNDB-2022-018341"
},
{
"date": "2022-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-289"
},
{
"date": "2022-10-07T20:53:28.097000",
"db": "NVD",
"id": "CVE-2022-39858"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-289"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Samsung\u0027s \u00a0factorycamera\u00a0 Past traversal vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018341"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-289"
}
],
"trust": 0.6
}
}
VAR-202210-0162
Vulnerability from variot - Updated: 2024-08-14 14:10Unprotected Receiver in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to record video without camera privilege. Samsung's factorycamera Exists in a vulnerability related to the lack of authentication.Information may be tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-0162",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "factorycamera",
"scope": "lt",
"trust": 1.0,
"vendor": "samsung",
"version": "3.5.51"
},
{
"model": "factorycamera",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b5\u30e0\u30b9\u30f3",
"version": null
},
{
"model": "factorycamera",
"scope": null,
"trust": 0.8,
"vendor": "\u30b5\u30e0\u30b9\u30f3",
"version": null
},
{
"model": "factorycamera",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b5\u30e0\u30b9\u30f3",
"version": "3.5.51"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018632"
},
{
"db": "NVD",
"id": "CVE-2022-39861"
}
]
},
"cve": "CVE-2022-39861",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2022-39861",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "mobile.security@samsung.com",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.5,
"id": "CVE-2022-39861",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.3,
"baseSeverity": "Low",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-39861",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-39861",
"trust": 1.0,
"value": "LOW"
},
{
"author": "mobile.security@samsung.com",
"id": "CVE-2022-39861",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-39861",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-286",
"trust": 0.6,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018632"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-286"
},
{
"db": "NVD",
"id": "CVE-2022-39861"
},
{
"db": "NVD",
"id": "CVE-2022-39861"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unprotected Receiver in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to record video without camera privilege. Samsung\u0027s factorycamera Exists in a vulnerability related to the lack of authentication.Information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-39861"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018632"
},
{
"db": "VULHUB",
"id": "VHN-435649"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-39861",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018632",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-286",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-435649",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-435649"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018632"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-286"
},
{
"db": "NVD",
"id": "CVE-2022-39861"
}
]
},
"id": "VAR-202210-0162",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-435649"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:10:32.514000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SAMSUNG Mobile devices Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=209926"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-286"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-862",
"trust": 1.1
},
{
"problemtype": "Lack of authentication (CWE-862) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-435649"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018632"
},
{
"db": "NVD",
"id": "CVE-2022-39861"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://security.samsungmobile.com/serviceweb.smsb?year=2022\u0026month=10"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-39861"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-39861/"
},
{
"trust": 0.1,
"url": "https://security.samsungmobile.com/serviceweb.smsb?year=2022\u0026amp;month=10"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-435649"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018632"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-286"
},
{
"db": "NVD",
"id": "CVE-2022-39861"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-435649"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018632"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-286"
},
{
"db": "NVD",
"id": "CVE-2022-39861"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-07T00:00:00",
"db": "VULHUB",
"id": "VHN-435649"
},
{
"date": "2023-10-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-018632"
},
{
"date": "2022-10-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-286"
},
{
"date": "2022-10-07T15:15:21.147000",
"db": "NVD",
"id": "CVE-2022-39861"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-12T00:00:00",
"db": "VULHUB",
"id": "VHN-435649"
},
{
"date": "2023-10-20T08:26:00",
"db": "JVNDB",
"id": "JVNDB-2022-018632"
},
{
"date": "2022-10-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-286"
},
{
"date": "2022-10-12T01:12:00.013000",
"db": "NVD",
"id": "CVE-2022-39861"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-286"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Samsung\u0027s \u00a0factorycamera\u00a0 Vulnerability regarding lack of authentication in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018632"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-286"
}
],
"trust": 0.6
}
}
CVE-2022-39861 (GCVE-0-2022-39861)
Vulnerability from nvd – Published: 2022-10-07 00:00 – Updated: 2024-08-03 12:07
VLAI
Summary
Unprotected Receiver in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to record video without camera privilege.
Severity
5.9 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Mobile | FactoryCamera |
Affected:
unspecified , < 3.5.51
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:07:42.934Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FactoryCamera",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "3.5.51",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unprotected Receiver in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to record video without camera privilege."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2022-39861",
"datePublished": "2022-10-07T00:00:00.000Z",
"dateReserved": "2022-09-05T00:00:00.000Z",
"dateUpdated": "2024-08-03T12:07:42.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-39858 (GCVE-0-2022-39858)
Vulnerability from nvd – Published: 2022-10-07 00:00 – Updated: 2024-08-03 12:07
VLAI
Summary
Path traversal vulnerability in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to write arbitrary file as FactoryCamera privilege.
Severity
7.3 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Mobile | FactoryCamera |
Affected:
unspecified , < 3.5.51
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:07:42.842Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FactoryCamera",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "3.5.51",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Path traversal vulnerability in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to write arbitrary file as FactoryCamera privilege."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0026#39;Path Traversal\u0026#39;)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2022-39858",
"datePublished": "2022-10-07T00:00:00.000Z",
"dateReserved": "2022-09-05T00:00:00.000Z",
"dateUpdated": "2024-08-03T12:07:42.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27838 (GCVE-0-2022-27838)
Vulnerability from nvd – Published: 2022-04-11 19:37 – Updated: 2024-08-03 05:41
VLAI
Summary
Improper access control vulnerability in FactoryCamera prior to version 2.1.96 allows attacker to access the file with system privilege.
Severity
7.7 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security.samsungmobile.com/serviceWeb.sms… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Mobile | FactoryCamera |
Affected:
- , < 2.1.96
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:41:09.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FactoryCamera",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "2.1.96",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in FactoryCamera prior to version 2.1.96 allows attacker to access the file with system privilege."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-11T19:37:30.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=4"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2022-27838",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FactoryCamera",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "-",
"version_value": "2.1.96"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper access control vulnerability in FactoryCamera prior to version 2.1.96 allows attacker to access the file with system privilege."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=4",
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=4"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2022-27838",
"datePublished": "2022-04-11T19:37:30.000Z",
"dateReserved": "2022-03-24T00:00:00.000Z",
"dateUpdated": "2024-08-03T05:41:09.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-39861 (GCVE-0-2022-39861)
Vulnerability from cvelistv5 – Published: 2022-10-07 00:00 – Updated: 2024-08-03 12:07
VLAI
Summary
Unprotected Receiver in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to record video without camera privilege.
Severity
5.9 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Mobile | FactoryCamera |
Affected:
unspecified , < 3.5.51
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:07:42.934Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FactoryCamera",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "3.5.51",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unprotected Receiver in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to record video without camera privilege."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2022-39861",
"datePublished": "2022-10-07T00:00:00.000Z",
"dateReserved": "2022-09-05T00:00:00.000Z",
"dateUpdated": "2024-08-03T12:07:42.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-39858 (GCVE-0-2022-39858)
Vulnerability from cvelistv5 – Published: 2022-10-07 00:00 – Updated: 2024-08-03 12:07
VLAI
Summary
Path traversal vulnerability in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to write arbitrary file as FactoryCamera privilege.
Severity
7.3 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Mobile | FactoryCamera |
Affected:
unspecified , < 3.5.51
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:07:42.842Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FactoryCamera",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "3.5.51",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Path traversal vulnerability in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to write arbitrary file as FactoryCamera privilege."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0026#39;Path Traversal\u0026#39;)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2022-39858",
"datePublished": "2022-10-07T00:00:00.000Z",
"dateReserved": "2022-09-05T00:00:00.000Z",
"dateUpdated": "2024-08-03T12:07:42.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27838 (GCVE-0-2022-27838)
Vulnerability from cvelistv5 – Published: 2022-04-11 19:37 – Updated: 2024-08-03 05:41
VLAI
Summary
Improper access control vulnerability in FactoryCamera prior to version 2.1.96 allows attacker to access the file with system privilege.
Severity
7.7 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security.samsungmobile.com/serviceWeb.sms… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Mobile | FactoryCamera |
Affected:
- , < 2.1.96
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:41:09.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FactoryCamera",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "2.1.96",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in FactoryCamera prior to version 2.1.96 allows attacker to access the file with system privilege."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-11T19:37:30.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=4"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2022-27838",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FactoryCamera",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "-",
"version_value": "2.1.96"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper access control vulnerability in FactoryCamera prior to version 2.1.96 allows attacker to access the file with system privilege."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=4",
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=4"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2022-27838",
"datePublished": "2022-04-11T19:37:30.000Z",
"dateReserved": "2022-03-24T00:00:00.000Z",
"dateUpdated": "2024-08-03T05:41:09.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}