CVE-2022-44636

The Samsung TV (2021 and 2022 model) smart remote control allows attackers to enable microphone access via Bluetooth spoofing when a user is activating remote control by pressing a button. This is fixed in xxx72510, E9172511 for 2021 models, xxxA1000, 4x2A0200 for 2022 models.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.6 MEDIUM
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
4.6 MEDIUM
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
VendorProductVersion
samsungt-oscpakuc_firmware
-
samsungt-oscpdeuc_firmware
-
samsungt-oscpuabc_firmware
-
samsungt-nkm2akuc_firmware
-
samsungt-nkm2deuc_firmware
-
samsungt-nkm2uabc_firmware
-
samsungt-nklakuc_firmware
-
samsungt-nkldeuc_firmware
-
samsungt-nkluabc_firmware
-
samsungt-ksu2eakuc_firmware
-
samsungt-ksu2edeuc_firmware
-
samsungt-ksu2euab_firmware
-
samsungt-ptmakuc_firmware
-
samsungt-ptmdeuc_firmware
-
samsungt-ptmuabc_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://samsung.com
https://samsungtvbounty.com/securityUpdates
https://samsung.com
https://samsungtvbounty.com/securityUpdates