CVE-2018-16270

moderate-risk

Published 2020-01-22

Samsung Galaxy Gear series before build RE2 includes the hcidump utility with no privilege or permission restriction. This allows an unprivileged process to dump Bluetooth HCI packets to an arbitrary file path.

Do I need to act?

0.36% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (10)

Galaxy Gear Firmware

Gear 2 Firmware

Gear Live Firmware

Gear S Firmware

Gear S2 Firmware

Gear S3 Firmware

Gear Sport Firmware

Gear Fit Firmware

Gear Fit 2 Firmware

Gear Fit 2 Pro Firmware

Affected Vendors

Samsung

References (4)

Exploit https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%...

Exploit https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be

Exploit https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%...

Exploit https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 1/34 · Minimal

Exposure 16/34 · Moderate