PT-2022-16992 · Google · Wear Os
Published
2022-03-08
·
Updated
2023-06-23
·
CVE-2022-24930
CVSS v3.1
4.4
Medium
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Wear OS version 3.0 prior to Firmware update MAR-2022 Release
Description
The issue is related to an improper access control vulnerability in the StRetailModeReceiver component. This vulnerability allows untrusted applications to reset default app settings without proper permission.
Recommendations
For Wear OS version 3.0 prior to Firmware update MAR-2022 Release: Apply the Firmware update MAR-2022 Release to resolve the issue. As a temporary workaround, consider restricting access to the StRetailModeReceiver component to minimize the risk of exploitation.
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wear Os