CVE-2021-25366Improper Check or Handling of Exceptional Conditions in Mobile Samsung Internet

CWE-703Improper Check or Handling of Exceptional ConditionsCWE-863Incorrect Authorization3 documents3 sources
Severity
2.9LOWNVD
CNA3.2
EPSS
0.1%
top 78.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Samsung Mobile Samsung InternetSamsung Internet
Timeline
PublishedMar 25
Latest updateMay 24

Description

Improper access control in Samsung Internet prior to version 13.2.1.70 allows physically proximate attackers to bypass the secret mode's authentication.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:NExploitability: 0.3 | Impact: 2.5

Affected Packages2 packages

NVDsamsung/internet< 13.2.1.70
CVEListV5samsung_mobile/samsung_internetunspecified13.2.1.70

🔴Vulnerability Details

2
GHSA
GHSA-wp7q-xrrh-6rxg: Improper access control in Samsung Internet prior to version 132022-05-24
CVEList
CVE-2021-25366: Improper access control in Samsung Internet prior to version 132021-03-25
CVE-2021-25366 — Mobile Samsung Internet vulnerability | cvebase