Description
Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: Qualcomm Snapdragon 835, Baseband: G955USQU5CRG3), Samsung Galaxy S3 (Android version: 4.3, Build Number: JSS15J.I9300XXUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: I9300XXUGNA8), and Samsung Galaxy Note 2 (Android version: 4.3, Build Number: JSS15J.I9300XUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: N7100DDUFND1) devices allow injection of AT+CIMI and AT+CGSN over Bluetooth, leaking sensitive information such as IMSI, IMEI, call status, call setup stage, internet service status, signal strength, current roaming status, battery level, and call held status.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://www.openconf.org/acsac2019/modules/request.php?module=oc_program&action=summary.php&id=210
Scores
CVSS v3
6.5
EPSS
0.0018
EPSS Percentile
39.7%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
Status
published
Products (3)
samsung/galaxy_note_2_firmware
samsung/galaxy_s3_firmware
samsung/galaxy_s8_plus_firmware
Published
Nov 06, 2019
Tracked Since
Feb 18, 2026