CVE-2021-25424
HIGH
Tizen bluetooth-frwk <JUN-2021 - Privilege Escalation
Title source: llm
Description
An improper authentication vulnerability in Tizen bluetooth-frwk prior to the Firmware update JUN-2021 Release allows a Bluetooth attacker to take over the user's Bluetooth device without user awareness.
References (1)
Core References
Vendor Advisory x_refsource_misc
https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=6
Scores
CVSS v3
8.8
EPSS
0.0022
EPSS Percentile
44.3%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (9)
samsung/galaxy_watch_3_firmware
< 5.5
samsung/galaxy_watch_active_2_firmware
< 5.5
samsung/galaxy_watch_active_firmware
< 5.5
samsung/galaxy_watch_firmware
< 5.5
samsung/gear_2_firmware
< 5.5
samsung/gear_2_neo_firmware
< 5.5
samsung/gear_s2_firmware
< 5.5
samsung/gear_s3_firmware
< 5.5
samsung/gear_s_firmware
< 5.5
Published
Jun 11, 2021
Tracked Since
Feb 18, 2026