CVE-2022-33712

Published: Jul 12, 2022Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

Intent redirection vulnerability using implict intent in Camera prior to versions 12.0.01.64 ,12.0.3.23, 12.0.0.98, 12.0.6.11, 12.0.3.19 in Android S(12) allows attacker to get sensitive information.

Affected (5)

Products: Samsung: Camera

Samsung

1 product

Camera

Configuration A

5 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Samsung Camera	Before 12.0.0.98
Samsung Camera	After 12.0.01.0 to 12.0.01.64
Samsung Camera	After 12.0.3.0 to 12.0.3.19
Samsung Camera	After 12.0.3.19 to 12.0.3.23
Samsung Camera	After 12.0.6.0 to 12.0.6.11

Running on/with	Platform Versions
Google Android	Version 12.0

Related CWEs

CWE-285

Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References (2)

https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=07

Source: mobile.security@samsung.com

Vendor Advisory

https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=07

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.