Wear Os
CVE-2022-24930
LOW
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
An Improper access control vulnerability in StRetailModeReceiver in Wear OS 3.0 prior to Firmware update MAR-2022 Release allows untrusted applications to reset default app settings without a proper permission
AnalysisAI
An Improper access control vulnerability in StRetailModeReceiver in Wear OS 3.0 prior to Firmware update MAR-2022 Release allows untrusted applications to reset default app settings without a proper. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-284. An Improper access control vulnerability in StRetailModeReceiver in Wear OS 3.0 prior to Firmware update MAR-2022 Release allows untrusted applications to reset default app settings without a proper permission Affected products include: Samsung Wear Os.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Improper handling of exceptional conditions in pairing specific bluetooth devices in Galaxy Watch Bluetooth pairing prio
Incorrect default permission in Samsung Cloud for Galaxy Watch prior to SMR Jun-2025 Release 1 allows local attackers to
Incorrect default permission in DiagMonAgent prior to SMR Mar-2025 Release 1 allows local attackers to access data withi
Incorrect default permission in Galaxy Watch Gallery prior to SMR Mar-2025 Release 1 allows local attackers to access da
A security vulnerability in Framework for Galaxy Watch (CVSS 6.2) that allows local attackers. Remediation should follow
Improper verification of intent by broadcast receiver in System UI for Galaxy Watch prior to SMR Jul-2025 Release 1 allo
A security vulnerability in ScreenCapture for Galaxy Watch (CVSS 5.5) that allows local attackers. Remediation should fo
A security vulnerability in SamsungAccount for Galaxy Watch (CVSS 5.5) that allows local attackers. Remediation should f
Improper access control in Galaxy Watch prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive infor
Improper authorization in wireless download protocol in Galaxy Watch prior to SMR Apr-2025 Release 1 allows physical att
Improper access control in sem_wifi service prior to SMR Mar-2025 Release 1 allows privileged local attackers to update
Improper export of android application components in Settings in Galaxy Watch prior to SMR May-2025 Release 1 allows phy
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today