Improper Access Control in FactoryCameraFB by Samsung
CVE-2022-39857

7.3HIGH

Key Information:

Vendor: Samsung
Status: Factorycamerafb
Vendor: CVE Published:; 7 October 2022

What is CVE-2022-39857?

An improper access control vulnerability exists in the CameraTestActivity of FactoryCameraFB prior to version 3.5.51. This flaw allows attackers to exploit broadcasting Intent with system uid privilege, potentially leading to unauthorized access and control over camera functions. Security measures should be implemented to ensure the integrity of user data and system operations.

Affected Version(s)

FactoryCameraFB < 3.5.51

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 7, 2022
Vulnerability Reserved
Sep 5, 2022