Bluetooth Information Leakage in Samsung Devices Featuring Qualcomm and Exynos Chips
CVE-2019-16401

6.5MEDIUM

Key Information:

Vendor: Samsung
Status: Galaxy S8 Plus Firmware
Vendor: CVE Published:; 6 November 2019

Summary

Certain Samsung Galaxy devices, including the S8 Plus, S3, and Note 2, are susceptible to a vulnerability that allows malicious actors to exploit Bluetooth connections for injecting commands that leak sensitive data. This data includes critical information such as IMSI, IMEI, call status, internet service status, signal strength, and battery level, posing significant risks to user privacy and security.

References

https://www.openconf.org/acsac2019/modules/request.php?mo...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 6, 2019
Vulnerability Reserved
Sep 18, 2019