CVE-2022-36848 MEDIUM

CVE-2022-36848

Vendor Samsung Mobile

Product Samsung Mobile Devices

Weakness CWE-285

Published September 9, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Local

Attack complexity High

Privileges required None

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

Improper Authorization vulnerability in setDualDARPolicyCmd prior to SMR Sep-2022 Release 1 allows local attackers to cause local permanent denial of service.

Key dates

02Disclosure timeline

September 9, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-36848

Related vulnerabilities

04Related CVE

CVE-2020-5275 Firewall configured with unanimous strategy was not actually unanimous in symfony/security-http CVE-2026-4617 SourceCodester Patients Waiting Area Queue Management System Patient Check-In api_patient_checkin.php ValidateToken improper authorization CVE-2022-0860 Improper Authorization in cobbler/cobbler CVE-2026-45503 Microsoft Exchange Server Information Disclosure Vulnerability CVE-2023-33183 Error in calendar when booking an appointment reveals the full path of the website

Identifiers

CVE CVE-2022-36848

CWE CWE-285

CVSS 5.1 / MEDIUM

Affected versions

Vendor Samsung Mobile

Product Samsung Mobile Devices

Affected ≥ Q(10), R(11), S(12) and < SMR Sep-2022 Release 1