Unprotected Provider Vulnerability in Samsung's Charm Product
CVE-2022-36836

6.2MEDIUM

Key Information:

Vendor
Samsung
Status
Charm By Samsung
Vendor
CVE Published:
5 August 2022

Summary

The unprotected provider vulnerability in Samsung's Charm product allows unauthorized attackers to read connection states without the necessary permissions. This could lead to significant security issues, exposing sensitive information and data to malicious actors. Users of Charm versions prior to 1.2.3 are particularly at risk and are urged to upgrade to the latest version to mitigate that risk.

Affected Version(s)

Charm by Samsung < 1.2.3

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...
x_refsource_MISC

CVSS V3.1

Score:
6.2
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.