Vulnerabilities > CVE-2022-36836 - Missing Authorization vulnerability in Samsung Charm Firmware

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
local
low complexity
samsung
CWE-862
NVD
Published: 2022-08-05
Updated: 2022-10-27

Summary

Unprotected provider vulnerability in Charm by Samsung prior to version 1.2.3 allows attackers to read connection state without permission.

Vulnerable Configurations

Part Description Count
OS
Samsung
1
Hardware
Samsung
1

Common Weakness Enumeration (CWE)

References