CVE-2018-9142

CWE-20Improper Input Validation3 documents3 sources
Severity
7.0HIGH
EPSS
0.1%
top 69.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Samsung Samsung Mobile
Timeline
PublishedMar 30
Latest updateMay 14

Description

On Samsung mobile devices with N(7.x) software, attackers can install an arbitrary APK in the Secure Folder SD Card area because of faulty validation of a package signature and package name, aka SVE-2017-10932.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages1 packages

NVDsamsung/samsung_mobile4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-f89h-hjx9-4gm8: On Samsung mobile devices with N(72022-05-14
CVEList
CVE-2018-9142: On Samsung mobile devices with N(72018-03-30
CVE-2018-9142 (HIGH CVSS 7) | On Samsung mobile devices with N(7. | cvebase.io