CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-16401

Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: Qualcomm Snapdragon 835, Baseband: G955USQU5CRG3), Samsung Galaxy S3 (Android version: 4.3, Build Number: JSS15J.I9300XXUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: I9300XXUGNA8), and Samsung Galaxy Note 2 (Android version: 4.3, Build Number: JSS15J.I9300XUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: N7100DDUFND1) devices allow injection of AT+CIMI and AT+CGSN over Bluetooth, leaking sensitive information such as IMSI, IMEI, call status, call setup stage, internet service status, signal strength, current roaming status, battery level, and call held status.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 40.8%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 3.3

References

Products affected by CVE-2019-16401

Samsung » Galaxy Note 2 » Version: N/A

cpe:2.3:h:samsung:galaxy_note_2:-
Samsung » Galaxy S3 » Version: N/A

cpe:2.3:h:samsung:galaxy_s3:-
Samsung » Galaxy S8 Plus » Version: N/A

cpe:2.3:h:samsung:galaxy_s8_plus:-
Samsung » Galaxy Note 2 Firmware » Version: N/A

cpe:2.3:o:samsung:galaxy_note_2_firmware:-
Samsung » Galaxy S3 Firmware » Version: N/A

cpe:2.3:o:samsung:galaxy_s3_firmware:-
Samsung » Galaxy S8 Plus Firmware » Version: N/A

cpe:2.3:o:samsung:galaxy_s8_plus_firmware:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-16401

Products

Pricing

Contact Us