Details of VAR-202207-0775

ID

VAR-202207-0775

CVE

CVE-2022-30752

TITLE

Samsung Mobile devices SemWifiApClient Access Control Vulnerability (CNVD-2022-65119)

Trust: 0.6

sources: CNVD: CNVD-2022-65119

DESCRIPTION

Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_STATE_CHANGED action. Samsung Mobile devices is a series of Samsung mobile devices of South Korea's Samsung (SAMSUNG) company, including mobile phones, tablets, etc. There is an access control vulnerability in Samsung Mobile devices SemWifiApClient. The vulnerability stems from improper access control in the sendDHCPACKBroadcast function of SemWifiApClient

Trust: 1.53

sources: NVD: CVE-2022-30752 // CNVD: CNVD-2022-65119 // VULMON: CVE-2022-30752

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-65119

AFFECTED PRODUCTS

vendor:	google	model:	android	scope:	eq	version:	12.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	10.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	11.0	Trust: 1.0
vendor:	samsung	model:	q	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	r	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	s	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2022-65119 // NVD: CVE-2022-30752

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-30752
value:	LOW
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-30752
value:	LOW
Trust: 1.0
CNVD:	CNVD-2022-65119
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202207-1052
value:	LOW
Trust: 0.6
VULMON:	CVE-2022-30752
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2022-30752
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2022-65119
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-30752
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.1
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-30752
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2022-65119 // VULMON: CVE-2022-30752 // CNNVD: CNNVD-202207-1052 // NVD: CVE-2022-30752 // NVD: CVE-2022-30752

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-284	Trust: 1.0

sources: NVD: CVE-2022-30752

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202207-1052

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202207-1052

PATCH

title:	Patch for Samsung Mobile devices SemWifiApClient Access Control Vulnerability (CNVD-2022-65119)	url:	https://www.cnvd.org.cn/patchInfo/show/352611	Trust: 0.6
title:	SAMSUNG Mobile devices SemWifiApClient Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=200424	Trust: 0.6

sources: CNVD: CNVD-2022-65119 // CNNVD: CNNVD-202207-1052

EXTERNAL IDS

db:	NVD	id:	CVE-2022-30752	Trust: 2.3
db:	CNVD	id:	CNVD-2022-65119	Trust: 0.6
db:	CNNVD	id:	CNNVD-202207-1052	Trust: 0.6
db:	VULMON	id:	CVE-2022-30752	Trust: 0.1

sources: CNVD: CNVD-2022-65119 // VULMON: CVE-2022-30752 // CNNVD: CNNVD-202207-1052 // NVD: CVE-2022-30752

REFERENCES

url:	https://security.samsungmobile.com/securityupdate.smsb?year=2022&month=7	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-30752	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-30752/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/668.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-65119 // VULMON: CVE-2022-30752 // CNNVD: CNNVD-202207-1052 // NVD: CVE-2022-30752

SOURCES

db:	CNVD	id:	CNVD-2022-65119
db:	VULMON	id:	CVE-2022-30752
db:	CNNVD	id:	CNNVD-202207-1052
db:	NVD	id:	CVE-2022-30752

LAST UPDATE DATE

2024-08-14T14:49:42.314000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-65119	date:	2022-09-22T00:00:00
db:	VULMON	id:	CVE-2022-30752	date:	2022-07-16T00:00:00
db:	CNNVD	id:	CNNVD-202207-1052	date:	2023-07-24T00:00:00
db:	NVD	id:	CVE-2022-30752	date:	2023-07-21T17:07:42.753

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-65119	date:	2022-09-23T00:00:00
db:	VULMON	id:	CVE-2022-30752	date:	2022-07-12T00:00:00
db:	CNNVD	id:	CNNVD-202207-1052	date:	2022-07-12T00:00:00
db:	NVD	id:	CVE-2022-30752	date:	2022-07-12T14:15:16.023