CVE-2017-17860: Input Validation
First published: Thu Jan 18 2018(Updated: )
In Samsung Gear products, Bluetooth link key is updated to the different key which is same with attacker's link key. It can be attacked without user's intention only if attacker can reveal the Bluetooth address of target device and paired user's smartphone
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Android | ||
| Samsung Gear S2 | ||
| Samsung Gear S3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this Samsung Gear product vulnerability?
The vulnerability ID for this Samsung Gear product vulnerability is CVE-2017-17860.
What is the severity rating of CVE-2017-17860?
CVE-2017-17860 has a severity rating of 5.7, which is considered medium.
Which Samsung Gear products are affected by CVE-2017-17860?
CVE-2017-17860 affects Samsung Gear S2 and Samsung Gear S3.
What is the impact of CVE-2017-17860?
CVE-2017-17860 allows attackers to update the Bluetooth link key to the same key as the attacker's link key, potentially leading to unauthorized access to the device.
How can CVE-2017-17860 be exploited?
CVE-2017-17860 can be exploited if the attacker is able to reveal the Bluetooth address of the target device and paired user's smartphone.
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/event
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- vendor/google
- canonical/google android
- vendor/samsung
- canonical/samsung gear s2
- canonical/samsung gear s3