Skip to main content

Wear Os CVE-2022-24930

LOW
Improper Access Control (CWE-284)
2022-03-10 mobile.security@samsung.com
3.3
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
3.3 LOW
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Mar 10, 2022 - 17:46 nvd
LOW 3.3

DescriptionNVD

An Improper access control vulnerability in StRetailModeReceiver in Wear OS 3.0 prior to Firmware update MAR-2022 Release allows untrusted applications to reset default app settings without a proper permission

AnalysisAI

An Improper access control vulnerability in StRetailModeReceiver in Wear OS 3.0 prior to Firmware update MAR-2022 Release allows untrusted applications to reset default app settings without a proper. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-284. An Improper access control vulnerability in StRetailModeReceiver in Wear OS 3.0 prior to Firmware update MAR-2022 Release allows untrusted applications to reset default app settings without a proper permission Affected products include: Samsung Wear Os.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-20946 HIGH
8.8 Apr 08

Improper handling of exceptional conditions in pairing specific bluetooth devices in Galaxy Watch Bluetooth pairing prio

CVE-2025-20984 MEDIUM
6.8 Jun 04

Incorrect default permission in Samsung Cloud for Galaxy Watch prior to SMR Jun-2025 Release 1 allows local attackers to

CVE-2025-20912 MEDIUM
6.2 Mar 06

Incorrect default permission in DiagMonAgent prior to SMR Mar-2025 Release 1 allows local attackers to access data withi

CVE-2025-20910 MEDIUM
6.2 Mar 06

Incorrect default permission in Galaxy Watch Gallery prior to SMR Mar-2025 Release 1 allows local attackers to access da

CVE-2025-20997 MEDIUM
6.2 Jul 08

A security vulnerability in Framework for Galaxy Watch (CVSS 6.2) that allows local attackers. Remediation should follow

CVE-2025-21004 MEDIUM
6.2 Jul 08

Improper verification of intent by broadcast receiver in System UI for Galaxy Watch prior to SMR Jul-2025 Release 1 allo

CVE-2025-20986 MEDIUM
5.5 Jun 04

A security vulnerability in ScreenCapture for Galaxy Watch (CVSS 5.5) that allows local attackers. Remediation should fo

CVE-2025-20998 MEDIUM
5.5 Jul 08

A security vulnerability in SamsungAccount for Galaxy Watch (CVSS 5.5) that allows local attackers. Remediation should f

CVE-2024-34613 MEDIUM
5.5 Aug 07

Improper access control in Galaxy Watch prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive infor

CVE-2025-20939 MEDIUM
5.4 Apr 08

Improper authorization in wireless download protocol in Galaxy Watch prior to SMR Apr-2025 Release 1 allows physical att

CVE-2025-20911 MEDIUM
4.4 Mar 06

Improper access control in sem_wifi service prior to SMR Mar-2025 Release 1 allows privileged local attackers to update

CVE-2025-20956 MEDIUM
4.3 May 07

Improper export of android application components in Settings in Galaxy Watch prior to SMR May-2025 Release 1 allows phy

Share

CVE-2022-24930 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy