Vulnerability Description
Improper authentication vulnerability in Tizen bluetooth-frwk prior to Firmware update JUN-2021 Release allows bluetooth attacker to take over the user's bluetooth device without user awareness.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Samsung | Galaxy Watch Active 2 Firmware | < 5.5 |
| Samsung | Galaxy Watch Active 2 | - |
| Samsung | Galaxy Watch Active Firmware | < 5.5 |
| Samsung | Galaxy Watch Active | - |
| Samsung | Galaxy Watch Firmware | < 5.5 |
| Samsung | Galaxy Watch | - |
| Samsung | Galaxy Watch 3 Firmware | < 5.5 |
| Samsung | Galaxy Watch 3 | - |
| Samsung | Gear S3 Firmware | < 5.5 |
| Samsung | Gear S3 | - |
| Samsung | Gear S2 Firmware | < 5.5 |
| Samsung | Gear S2 | - |
| Samsung | Gear S Firmware | < 5.5 |
| Samsung | Gear S | - |
| Samsung | Gear 2 Firmware | < 5.5 |
| Samsung | Gear 2 | - |
| Samsung | Gear 2 Neo Firmware | < 5.5 |
| Samsung | Gear 2 Neo | - |
Related Weaknesses (CWE)
References
- https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=6Vendor Advisory
- https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=6Vendor Advisory
FAQ
What is CVE-2021-25424?
CVE-2021-25424 is a vulnerability with a CVSS score of 8.8 (HIGH). Improper authentication vulnerability in Tizen bluetooth-frwk prior to Firmware update JUN-2021 Release allows bluetooth attacker to take over the user's bluetooth device without user awareness.
How severe is CVE-2021-25424?
CVE-2021-25424 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-25424?
Check the references section above for vendor advisories and patch information. Affected products include: Samsung Galaxy Watch Active 2 Firmware, Samsung Galaxy Watch Active 2, Samsung Galaxy Watch Active Firmware, Samsung Galaxy Watch Active, Samsung Galaxy Watch Firmware.