Vulnerability Description
Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: Qualcomm Snapdragon 835, Baseband: G955USQU5CRG3), Samsung Galaxy S3 (Android version: 4.3, Build Number: JSS15J.I9300XXUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: I9300XXUGNA8), and Samsung Galaxy Note 2 (Android version: 4.3, Build Number: JSS15J.I9300XUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: N7100DDUFND1) devices allow injection of AT+CIMI and AT+CGSN over Bluetooth, leaking sensitive information such as IMSI, IMEI, call status, call setup stage, internet service status, signal strength, current roaming status, battery level, and call held status.
CVSS Score
6.5 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Samsung | Galaxy S8 Plus Firmware | - |
| Samsung | Galaxy S8 Plus | - |
| Samsung | Galaxy S3 Firmware | - |
| Samsung | Galaxy S3 | - |
| Samsung | Galaxy Note 2 Firmware | - |
| Samsung | Galaxy Note 2 | - |
References
- https://www.openconf.org/acsac2019/modules/request.php?module=oc_program&action=Third Party Advisory
FAQ
What is CVE-2019-16401?
CVE-2019-16401 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: Qualcomm Snapdragon 835, Baseband: G955USQU5CRG3), Samsung Galaxy S3 (Android version: 4.3, Build Nu...
How severe is CVE-2019-16401?
CVE-2019-16401 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-16401?
Check the references section above for vendor advisories and patch information. Affected products include: Samsung Galaxy S8 Plus Firmware, Samsung Galaxy S8 Plus, Samsung Galaxy S3 Firmware, Samsung Galaxy S3, Samsung Galaxy Note 2 Firmware.