CVE-2022-22290

CWE-703CWE-755Improper Exception Handling3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.3%
top 46.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Samsung Mobile Samsung InternetSamsung Internet
Timeline
PublishedJan 14
Latest updateJan 15

Description

Incorrect download source UI in Downloads in Samsung Internet prior to 16.0.6.23 allows attackers to perform domain spoofing via a crafted HTML page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDsamsung/internet< 16.0.6.23
CVEListV5samsung_mobile/samsung_internet-16.0.6.23

🔴Vulnerability Details

2
GHSA
GHSA-mrxc-w72r-9933: Incorrect download source UI in Downloads in Samsung Internet prior to 162022-01-15
CVEList
CVE-2022-22290: Incorrect download source UI in Downloads in Samsung Internet prior to 162022-01-14