Details of VAR-202207-0777

ID

VAR-202207-0777

CVE

CVE-2022-30751

TITLE

Samsung Mobile devices SemWifiApClient Access Control Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2022-65120

DESCRIPTION

Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_DHCPACK_EVENT action. Samsung Mobile devices is a series of Samsung mobile devices of South Korea's Samsung (SAMSUNG) company, including mobile phones, tablets, etc. There is an access control vulnerability in Samsung Mobile devices SemWifiApClient. The vulnerability stems from improper access control in the sendDHCPACKBroadcast function of SemWifiApClient

Trust: 1.53

sources: NVD: CVE-2022-30751 // CNVD: CNVD-2022-65120 // VULMON: CVE-2022-30751

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-65120

AFFECTED PRODUCTS

vendor:	google	model:	android	scope:	eq	version:	12.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	10.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	11.0	Trust: 1.0
vendor:	samsung	model:	q	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	r	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	s	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2022-65120 // NVD: CVE-2022-30751

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-30751
value:	LOW
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-30751
value:	LOW
Trust: 1.0
CNVD:	CNVD-2022-65120
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202207-1050
value:	LOW
Trust: 0.6
VULMON:	CVE-2022-30751
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2022-30751
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2022-65120
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-30751
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.1
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-30751
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2022-65120 // VULMON: CVE-2022-30751 // CNNVD: CNNVD-202207-1050 // NVD: CVE-2022-30751 // NVD: CVE-2022-30751

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-284	Trust: 1.0

sources: NVD: CVE-2022-30751

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202207-1050

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202207-1050

PATCH

title:	Patch for Samsung Mobile devices SemWifiApClient Access Control Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/352616	Trust: 0.6
title:	SAMSUNG Mobile devices SemWifiApClient Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=200422	Trust: 0.6

sources: CNVD: CNVD-2022-65120 // CNNVD: CNNVD-202207-1050

EXTERNAL IDS

db:	NVD	id:	CVE-2022-30751	Trust: 2.3
db:	CNVD	id:	CNVD-2022-65120	Trust: 0.6
db:	CNNVD	id:	CNNVD-202207-1050	Trust: 0.6
db:	VULMON	id:	CVE-2022-30751	Trust: 0.1

sources: CNVD: CNVD-2022-65120 // VULMON: CVE-2022-30751 // CNNVD: CNNVD-202207-1050 // NVD: CVE-2022-30751

REFERENCES

url:	https://security.samsungmobile.com/securityupdate.smsb?year=2022&month=7	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-30751	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-30751/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/668.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-65120 // VULMON: CVE-2022-30751 // CNNVD: CNNVD-202207-1050 // NVD: CVE-2022-30751

SOURCES

db:	CNVD	id:	CNVD-2022-65120
db:	VULMON	id:	CVE-2022-30751
db:	CNNVD	id:	CNNVD-202207-1050
db:	NVD	id:	CVE-2022-30751

LAST UPDATE DATE

2024-08-14T14:24:40.708000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-65120	date:	2022-09-22T00:00:00
db:	VULMON	id:	CVE-2022-30751	date:	2022-07-16T00:00:00
db:	CNNVD	id:	CNNVD-202207-1050	date:	2023-07-24T00:00:00
db:	NVD	id:	CVE-2022-30751	date:	2023-07-21T17:07:00.337

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-65120	date:	2022-09-23T00:00:00
db:	VULMON	id:	CVE-2022-30751	date:	2022-07-12T00:00:00
db:	CNNVD	id:	CNNVD-202207-1050	date:	2022-07-12T00:00:00
db:	NVD	id:	CVE-2022-30751	date:	2022-07-12T14:15:15.967