CVE-2021-25392Sensitive Information Exposure in Mobile Devices

CWE-200Sensitive Information ExposureCWE-326Inadequate Encryption Strength3 documents3 sources
Severity
5.5MEDIUMNVD
CNA4.0
EPSS
0.0%
top 99.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Samsung Mobile DevicesGoogle Android
Timeline
PublishedJun 11
Latest updateMay 24

Description

Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive information via changing the path.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5samsung_mobile/samsung_mobile_devicesP(9.0), Q(10.0) , R(11.0)SMR MAY-2021 Release 1
NVDgoogle/android10.0, 11.0, 9.0+2

🔴Vulnerability Details

2
GHSA
GHSA-grfp-8c8p-564v: Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive information vi2022-05-24
CVEList
CVE-2021-25392: Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive information vi2021-06-11
CVE-2021-25392 — Sensitive Information Exposure | cvebase