CVE-2022-39909 HIGH

CVE-2022-39909

Vendor Samsung Mobile
Product Samsung Gear IconX PC Manager
Weakness CWE-345
Published December 8, 2022
Last update April 23, 2025

CVSS base score

7.1/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

What the vulnerability does

01Description

Insufficient verification of data authenticity vulnerability in Samsung Gear IconX PC Manager prior to version 2.1.221019.51 allows local attackers to create arbitrary file using symbolic link.

Key dates

02Disclosure timeline

December 8, 2022 CVE published
April 23, 2025 Record updated