PT-2024-24755 · Samsung · Samsung Galaxy Smarttag2
Published
2024-07-10
·
Updated
2024-07-11
·
CVE-2024-32670
CVSS v4.0
7.0
High
| Vector | AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Samsung Galaxy SmartTag2 versions prior to 0.20.04
Description
The issue allows attackers to potentially identify the tag's location by scanning the BLE advertising, exposing sensitive information to unauthorized actors.
Recommendations
For Samsung Galaxy SmartTag2 versions prior to 0.20.04, update to version 0.20.04 or later to resolve the issue. As a temporary workaround, consider restricting the use of BLE advertising on the affected devices until a patch is applied.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Samsung Galaxy Smarttag2