CVE-2021-25348Improper Check or Handling of Exceptional Conditions in Mobile Samsung Internet

CWE-703Improper Check or Handling of Exceptional Conditions3 documents3 sources
Severity
2.4LOWNVD
CNA2.1
EPSS
0.1%
top 81.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Samsung Mobile Samsung InternetSamsung Internet
Timeline
PublishedMar 4
Latest updateMay 24

Description

Improper permission grant check in Samsung Internet prior to version 13.0.1.60 allows access to files in internal storage without authorized STORAGE permission.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 0.9 | Impact: 1.4

Affected Packages2 packages

NVDsamsung/internet< 13.0.1.60
CVEListV5samsung_mobile/samsung_internetunspecified13.0.1.60

🔴Vulnerability Details

2
GHSA
GHSA-vfrf-7w5v-x2gx: Improper permission grant check in Samsung Internet prior to version 132022-05-24
CVEList
CVE-2021-25348: Improper permission grant check in Samsung Internet prior to version 132021-03-04
CVE-2021-25348 — Mobile Samsung Internet vulnerability | cvebase