CVE-2022-33728
Description
Exposure of sensitive information in Bluetooth prior to SMR Aug-2022 Release 1 allows local attackers to access connected BT macAddress via Settings.Gloabal.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A vulnerability in Samsung Bluetooth settings exposes connected device MAC addresses to local attackers, fixed in SMR Aug-2022 Release 1.
Vulnerability
A local information disclosure vulnerability exists in Bluetooth on Samsung mobile devices prior to the SMR Aug-2022 Release 1 [1]. The issue arises from the exposure of connected Bluetooth MAC addresses through the Settings.Global system settings, allowing unauthorized local access.
Exploitation
An attacker with local access to the device (e.g., through a malicious app or physical access) can query Settings.Global to retrieve the Bluetooth MAC address of currently connected devices. No additional permissions beyond local access are required.
Impact
Successful exploitation leads to the disclosure of the connected Bluetooth device's MAC address. This information can be used for device tracking, fingerprinting, or as a stepping stone for more targeted attacks.
Mitigation
Samsung has addressed this vulnerability in the SMR Aug-2022 Release 1 update. Users are advised to install the latest security patch to protect their devices [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: prior to SMR Aug-2022 Release 1
- Range: Q(10), R(11), S(12)
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- security.samsungmobile.com/securityUpdate.smsbmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.