Search criteria
6 vulnerabilities found for factorycamerafb by samsung
VAR-202107-1301
Vulnerability from variot - Updated: 2024-08-14 15:42Improper access control vulnerability in FactoryCameraFB prior to version 3.4.74 allows untrusted applications to access arbitrary files with an escalated privilege. Samsung FactoryCameraFB is a system application of Samsung Corporation. Samsung Mobile FactoryCameraFB has an access control error vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202107-1301",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "factorycamerafb",
"scope": "lt",
"trust": 1.0,
"vendor": "samsung",
"version": "3.4.74"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-25440"
}
]
},
"cve": "CVE-2021-25440",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2021-25440",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-384237",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-25440",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-25440",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-439",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-384237",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-25440",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-384237"
},
{
"db": "VULMON",
"id": "CVE-2021-25440"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-439"
},
{
"db": "NVD",
"id": "CVE-2021-25440"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper access control vulnerability in FactoryCameraFB prior to version 3.4.74 allows untrusted applications to access arbitrary files with an escalated privilege. Samsung FactoryCameraFB is a system application of Samsung Corporation. Samsung Mobile FactoryCameraFB has an access control error vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-25440"
},
{
"db": "VULHUB",
"id": "VHN-384237"
},
{
"db": "VULMON",
"id": "CVE-2021-25440"
}
],
"trust": 1.08
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-25440",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-202107-439",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2021-52400",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-384237",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-25440",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-384237"
},
{
"db": "VULMON",
"id": "CVE-2021-25440"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-439"
},
{
"db": "NVD",
"id": "CVE-2021-25440"
}
]
},
"id": "VAR-202107-1301",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-384237"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T15:42:51.157000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 1.0
},
{
"problemtype": "CWE-863",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-384237"
},
{
"db": "NVD",
"id": "CVE-2021-25440"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://blog.oversecured.com/two-weeks-of-securing-samsung-devices-part-2/"
},
{
"trust": 1.7,
"url": "https://security.samsungmobile.com/serviceweb.smsb?year=2021\u0026month=7"
},
{
"trust": 0.1,
"url": "https://security.samsungmobile.com/serviceweb.smsb?year=2021\u0026amp;month=7"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/863.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-384237"
},
{
"db": "VULMON",
"id": "CVE-2021-25440"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-439"
},
{
"db": "NVD",
"id": "CVE-2021-25440"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-384237"
},
{
"db": "VULMON",
"id": "CVE-2021-25440"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-439"
},
{
"db": "NVD",
"id": "CVE-2021-25440"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-08T00:00:00",
"db": "VULHUB",
"id": "VHN-384237"
},
{
"date": "2021-07-08T00:00:00",
"db": "VULMON",
"id": "CVE-2021-25440"
},
{
"date": "2021-07-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-439"
},
{
"date": "2021-07-08T14:15:09.050000",
"db": "NVD",
"id": "CVE-2021-25440"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-30T00:00:00",
"db": "VULHUB",
"id": "VHN-384237"
},
{
"date": "2021-07-12T00:00:00",
"db": "VULMON",
"id": "CVE-2021-25440"
},
{
"date": "2022-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-439"
},
{
"date": "2022-07-30T12:56:51.790000",
"db": "NVD",
"id": "CVE-2021-25440"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-439"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAMSUNG FactoryCameraFB Security hole",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-439"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-439"
}
],
"trust": 0.6
}
}
VAR-202210-0202
Vulnerability from variot - Updated: 2024-08-14 14:49Improper access control vulnerability in CameraTestActivity in FactoryCameraFB prior to version 3.5.51 allows attackers to access broadcasting Intent as system uid privilege. Samsung's FactoryCameraFB Exists in unspecified vulnerabilities.Information may be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-0202",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "factorycamerafb",
"scope": "lt",
"trust": 1.0,
"vendor": "samsung",
"version": "3.5.51"
},
{
"model": "factorycamerafb",
"scope": null,
"trust": 0.8,
"vendor": "\u30b5\u30e0\u30b9\u30f3",
"version": null
},
{
"model": "factorycamerafb",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b5\u30e0\u30b9\u30f3",
"version": null
},
{
"model": "factorycamerafb",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b5\u30e0\u30b9\u30f3",
"version": "3.5.51"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018342"
},
{
"db": "NVD",
"id": "CVE-2022-39857"
}
]
},
"cve": "CVE-2022-39857",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-39857",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "mobile.security@samsung.com",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.5,
"id": "CVE-2022-39857",
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-39857",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-39857",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "mobile.security@samsung.com",
"id": "CVE-2022-39857",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-39857",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-290",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018342"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-290"
},
{
"db": "NVD",
"id": "CVE-2022-39857"
},
{
"db": "NVD",
"id": "CVE-2022-39857"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper access control vulnerability in CameraTestActivity in FactoryCameraFB prior to version 3.5.51 allows attackers to access broadcasting Intent as system uid privilege. Samsung\u0027s FactoryCameraFB Exists in unspecified vulnerabilities.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-39857"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018342"
},
{
"db": "VULHUB",
"id": "VHN-435644"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-39857",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018342",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-290",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-435644",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-435644"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018342"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-290"
},
{
"db": "NVD",
"id": "CVE-2022-39857"
}
]
},
"id": "VAR-202210-0202",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-435644"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:49:33.188000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SAMSUNG Mobile devices Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=209930"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-290"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 1.0
},
{
"problemtype": "others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-668",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-435644"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018342"
},
{
"db": "NVD",
"id": "CVE-2022-39857"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://security.samsungmobile.com/serviceweb.smsb?year=2022\u0026month=10"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-39857"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-39857/"
},
{
"trust": 0.1,
"url": "https://security.samsungmobile.com/serviceweb.smsb?year=2022\u0026amp;month=10"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-435644"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018342"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-290"
},
{
"db": "NVD",
"id": "CVE-2022-39857"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-435644"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018342"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-290"
},
{
"db": "NVD",
"id": "CVE-2022-39857"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-07T00:00:00",
"db": "VULHUB",
"id": "VHN-435644"
},
{
"date": "2023-10-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-018342"
},
{
"date": "2022-10-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-290"
},
{
"date": "2022-10-07T15:15:20.717000",
"db": "NVD",
"id": "CVE-2022-39857"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-07T00:00:00",
"db": "VULHUB",
"id": "VHN-435644"
},
{
"date": "2023-10-19T08:30:00",
"db": "JVNDB",
"id": "JVNDB-2022-018342"
},
{
"date": "2023-06-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-290"
},
{
"date": "2023-06-27T16:13:16.047000",
"db": "NVD",
"id": "CVE-2022-39857"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-290"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Samsung\u0027s \u00a0FactoryCameraFB\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018342"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-290"
}
],
"trust": 0.6
}
}
CVE-2022-39857 (GCVE-0-2022-39857)
Vulnerability from nvd – Published: 2022-10-07 00:00 – Updated: 2024-08-03 12:07
VLAI
Summary
Improper access control vulnerability in CameraTestActivity in FactoryCameraFB prior to version 3.5.51 allows attackers to access broadcasting Intent as system uid privilege.
Severity
7.3 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Mobile | FactoryCameraFB |
Affected:
unspecified , < 3.5.51
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:07:42.904Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FactoryCameraFB",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "3.5.51",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in CameraTestActivity in FactoryCameraFB prior to version 3.5.51 allows attackers to access broadcasting Intent as system uid privilege."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2022-39857",
"datePublished": "2022-10-07T00:00:00.000Z",
"dateReserved": "2022-09-05T00:00:00.000Z",
"dateUpdated": "2024-08-03T12:07:42.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25440 (GCVE-0-2021-25440)
Vulnerability from nvd – Published: 2021-07-08 13:48 – Updated: 2024-08-03 20:03
VLAI
Summary
Improper access control vulnerability in FactoryCameraFB prior to version 3.4.74 allows untrusted applications to access arbitrary files with an escalated privilege.
Severity
No CVSS data available.
CWE
- CWE-284 - Improper Access Control
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://security.samsungmobile.com/serviceWeb.sms… | x_refsource_MISC |
| https://blog.oversecured.com/Two-weeks-of-securin… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Mobile | FactoryCameraFB |
Affected:
- , < 3.4.74
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:03:05.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FactoryCameraFB",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "3.4.74",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in FactoryCameraFB prior to version 3.4.74 allows untrusted applications to access arbitrary files with an escalated privilege."
}
],
"metrics": [
{
"other": {
"content": {
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-27T16:16:18.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-2/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25440",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FactoryCameraFB",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "-",
"version_value": "3.4.74"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper access control vulnerability in FactoryCameraFB prior to version 3.4.74 allows untrusted applications to access arbitrary files with an escalated privilege."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=7",
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=7"
},
{
"name": "https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-2/",
"refsource": "MISC",
"url": "https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-2/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2021-25440",
"datePublished": "2021-07-08T13:48:03.000Z",
"dateReserved": "2021-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:03:05.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-39857 (GCVE-0-2022-39857)
Vulnerability from cvelistv5 – Published: 2022-10-07 00:00 – Updated: 2024-08-03 12:07
VLAI
Summary
Improper access control vulnerability in CameraTestActivity in FactoryCameraFB prior to version 3.5.51 allows attackers to access broadcasting Intent as system uid privilege.
Severity
7.3 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Mobile | FactoryCameraFB |
Affected:
unspecified , < 3.5.51
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:07:42.904Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FactoryCameraFB",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "3.5.51",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in CameraTestActivity in FactoryCameraFB prior to version 3.5.51 allows attackers to access broadcasting Intent as system uid privilege."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2022-39857",
"datePublished": "2022-10-07T00:00:00.000Z",
"dateReserved": "2022-09-05T00:00:00.000Z",
"dateUpdated": "2024-08-03T12:07:42.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25440 (GCVE-0-2021-25440)
Vulnerability from cvelistv5 – Published: 2021-07-08 13:48 – Updated: 2024-08-03 20:03
VLAI
Summary
Improper access control vulnerability in FactoryCameraFB prior to version 3.4.74 allows untrusted applications to access arbitrary files with an escalated privilege.
Severity
No CVSS data available.
CWE
- CWE-284 - Improper Access Control
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://security.samsungmobile.com/serviceWeb.sms… | x_refsource_MISC |
| https://blog.oversecured.com/Two-weeks-of-securin… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Mobile | FactoryCameraFB |
Affected:
- , < 3.4.74
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:03:05.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FactoryCameraFB",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "3.4.74",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in FactoryCameraFB prior to version 3.4.74 allows untrusted applications to access arbitrary files with an escalated privilege."
}
],
"metrics": [
{
"other": {
"content": {
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-27T16:16:18.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-2/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25440",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FactoryCameraFB",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "-",
"version_value": "3.4.74"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper access control vulnerability in FactoryCameraFB prior to version 3.4.74 allows untrusted applications to access arbitrary files with an escalated privilege."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=7",
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=7"
},
{
"name": "https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-2/",
"refsource": "MISC",
"url": "https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-2/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2021-25440",
"datePublished": "2021-07-08T13:48:03.000Z",
"dateReserved": "2021-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:03:05.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}