Samsung Cameralyzer up to 3.2.21/3.3.21/3.4.21/3.5.50 WebApp access control

Summaryinfo

A vulnerability, which was classified as critical, was found in Samsung Cameralyzer up to 3.2.21/3.3.21/3.4.21/3.5.50. Affected is an unknown function of the component WebApp. Executing a manipulation can lead to access control. This vulnerability is tracked as CVE-2022-36832. The attack is restricted to local execution. No exploit exists. You should upgrade the affected component.

Detailsinfo

A vulnerability classified as problematic was found in Samsung Cameralyzer up to 3.2.21/3.3.21/3.4.21/3.5.50. This vulnerability affects some unknown functionality of the component WebApp. The manipulation with an unknown input leads to a access control vulnerability. The CWE definition for the vulnerability is CWE-284. The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. As an impact it is known to affect confidentiality. CVE summarizes:

Improper access control vulnerability in WebApp in Cameralyzer prior to versions 3.2.22, 3.3.22, 3.4.22 and 3.5.51 allows attackers to access external storage as Cameralyzer privilege.

The weakness was disclosed 08/05/2022. The advisory is shared for download at security.samsungmobile.com. This vulnerability was named CVE-2022-36832 since 07/27/2022. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1068.

Upgrading to version 3.2.22, 3.3.22, 3.4.22 or 3.5.51 eliminates this vulnerability.

Once again VulDB remains the best source for vulnerability data.

Productinfo

Vendor

• Samsung

Name

• Cameralyzer

Version

• 3.2.0
• 3.2.1
• 3.2.2
• 3.2.3
• 3.2.4
• 3.2.5
• 3.2.6
• 3.2.7
• 3.2.8
• 3.2.9
• 3.2.10
• 3.2.11
• 3.2.12
• 3.2.13
• 3.2.14
• 3.2.15
• 3.2.16
• 3.2.17
• 3.2.18
• 3.2.19
• 3.2.20
• 3.2.21
• 3.3.0
• 3.3.1
• 3.3.2
• 3.3.3
• 3.3.4
• 3.3.5
• 3.3.6
• 3.3.7
• 3.3.8
• 3.3.9
• 3.3.10
• 3.3.11
• 3.3.12
• 3.3.13
• 3.3.14
• 3.3.15
• 3.3.16
• 3.3.17
• 3.3.18
• 3.3.19
• 3.3.20
• 3.3.21
• 3.4.0
• 3.4.1
• 3.4.2
• 3.4.3
• 3.4.4
• 3.4.5
• 3.4.6
• 3.4.7
• 3.4.8
• 3.4.9
• 3.4.10
• 3.4.11
• 3.4.12
• 3.4.13
• 3.4.14
• 3.4.15
• 3.4.16
• 3.4.17
• 3.4.18
• 3.4.19
• 3.4.20
• 3.4.21
• 3.5.0
• 3.5.1
• 3.5.2
• 3.5.3
• 3.5.4
• 3.5.5
• 3.5.6
• 3.5.7
• 3.5.8
• 3.5.9
• 3.5.10
• 3.5.11
• 3.5.12
• 3.5.13
• 3.5.14
• 3.5.15
• 3.5.16
• 3.5.17
• 3.5.18
• 3.5.19
• 3.5.20
• 3.5.21
• 3.5.22
• 3.5.23
• 3.5.24
• 3.5.25
• 3.5.26
• 3.5.27
• 3.5.28
• 3.5.29
• 3.5.30
• 3.5.31
• 3.5.32
• 3.5.33
• 3.5.34
• 3.5.35
• 3.5.36
• 3.5.37
• 3.5.38
• 3.5.39
• 3.5.40
• 3.5.41
• 3.5.42
• 3.5.43
• 3.5.44
• 3.5.45
• 3.5.46
• 3.5.47
• 3.5.48
• 3.5.49
• 3.5.50

License

• commercial

Website

• Vendor: https://www.samsung.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Once again VulDB remains the best source for vulnerability data.

Discussion