CVE-2019-11341

MEDIUM Year: 2019
CVSS v3 Score
4.6
Medium
CVSS v2 Score
2.1
Low
Weakness Type
CWE-327
View all →

Vulnerability Description

On certain Samsung P(9.0) phones, an attacker with physical access can start a TCP Dump capture without the user's knowledge. This feature of the Service Mode application is available after entering the *#9900# check code, but is protected by an OTP password. However, this password is created locally and (due to mishandling of cryptography) can be obtained easily by reversing the password creation logic.

Related Vulnerabilities

CVE-2007-5460

MEDIUM
CVSS:4.6(Medium)

Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation with a fixed key) when sending the user's PIN/Password over the USB connection from the host to the devic...

CWE-3272007

CVE-2020-12702

MEDIUM
CVSS:4.6(Medium)

Weak encryption in the Quick Pairing mode in the eWeLink mobile application (Android application V4.9.2 and earlier, iOS application V4.9.1 and earlier) allows physically proximate attackers to eavesd...

CWE-3272020

CVE-2017-14937

MEDIUM
CVSS:4.7(Medium)

The airbag detonation algorithm allows injury to passenger-car occupants via predictable Security Access (SA) data to the internal CAN bus (or the OBD connector). This affects the airbag control units...

CWE-3272017

CVE-2019-15795

MEDIUM
CVSS:4.7(Medium)

python-apt only checks the MD5 sums of downloaded files in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py in version 1.9.0ubuntu1 and earlier. This allows a man-in-the-middle ...

CWE-3272019

CVE-2021-36647

MEDIUM
CVSS:4.7(Medium)

Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to pre...

CWE-3272021

CVE-2022-30187

MEDIUM
CVSS:4.7(Medium)

Azure Storage Library Information Disclosure Vulnerability

CWE-3272022