CVE-2013-4764

CWE-276 — Incorrect Default Permissions3 documents3 sources

Severity

4.3MEDIUM

EPSS

0.2%

top 63.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samsung Galaxy S3 Firmware Samsung Galaxy S4 Firmware

Timeline

PublishedDec 27

Latest updateMay 5

Description

Samsung Galaxy S3/S4 exposes an unprotected component allowing an unprivileged app to send arbitrary SMS texts to arbitrary destinations without permission.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 0.7 | Impact: 3.6

Affected Packages2 packages

▶NVDsamsung/galaxy_s3_firmware1.0

▶NVDsamsung/galaxy_s4_firmware1.4

🔴Vulnerability Details

GHSA

GHSA-6gpq-3wvx-gvq3: Samsung Galaxy S3/S4 exposes an unprotected component allowing an unprivileged app to send arbitrary SMS texts to arbitrary destinations without permi↗2022-05-05

▶

CVEList

CVE-2013-4764: Samsung Galaxy S3/S4 exposes an unprotected component allowing an unprivileged app to send arbitrary SMS texts to arbitrary destinations without permi↗2019-12-27

▶