Taras Drozdovskyi

3 exploits Active since Sep 2022
CVE-2022-39828 WRITEUP HIGH WRITEUP
Samsung mTower < 0.3.0 - Denial of Service via EC_KEY_set_private_key Return Value Mismanagement
sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_private_key, leading to a denial of service.
CVSS 7.5
CVE-2022-39829 WRITEUP HIGH WORKING POC
Samsung mTower <= 0.3.0 - NULL Pointer Dereference in aes256_encrypt
There is a NULL pointer dereference in aes256_encrypt in Samsung mTower through 0.3.0 due to a missing check on the return value of EVP_CIPHER_CTX_new.
CVSS 7.5
CVE-2022-39830 WRITEUP HIGH WRITEUP
Samsung mTower <= 0.3.0 - Denial of Service via EC_KEY_set_public_key_affine_coordinates
sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_public_key_affine_coordinates, leading to a denial of service.
CVSS 7.5