Samsung Cloud vulnerabilities

CVE-2026-20975 [LOW] CVE-2026-20975: Improper handling of insufficient permission in Samsung Cloud prior to version 5.6.11 allows local a Improper handling of insufficient permission in Samsung Cloud prior to version 5.6.11 allows local attackers to access specific files in arbitrary path.

CVE-2024-20851 [MEDIUM] CVE-2024-20851: Improper access control vulnerability in Samsung Data Store prior to version 5.3.00.4 allows local a Improper access control vulnerability in Samsung Data Store prior to version 5.3.00.4 allows local attackers to launch arbitrary activity with Samsung Data Store privilege.

CVE-2023-42578 [MEDIUM] CWE-755 CVE-2023-42578: Improper handling of insufficient permissions or privileges vulnerability in Samsung Data Store prio Improper handling of insufficient permissions or privileges vulnerability in Samsung Data Store prior to version 5.2.00.7 allows remote attackers to access location information without permission.

CVE-2023-21447 [MEDIUM] CWE-284 CVE-2023-21447: Improper access control vulnerabilities in Samsung Cloud prior to version 5.3.0.32 allows local atta Improper access control vulnerabilities in Samsung Cloud prior to version 5.3.0.32 allows local attackers to access information with Samsung Cloud's privilege via implicit intent.

CVE-2023-21448 [MEDIUM] CWE-22 CVE-2023-21448: Path traversal vulnerability in Samsung Cloud prior to version 5.3.0.32 allows attacker to access sp Path traversal vulnerability in Samsung Cloud prior to version 5.3.0.32 allows attacker to access specific png file.

CVE-2022-33713 [HIGH] CWE-285 CVE-2022-33713: Implicit Intent hijacking vulnerability in Samsung Cloud prior to version 5.2.0 allows attacker to g Implicit Intent hijacking vulnerability in Samsung Cloud prior to version 5.2.0 allows attacker to get sensitive information.

CVE-2022-24932 [MEDIUM] CWE-424 CVE-2022-24932: Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Re Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows physical attacker package installation before finishing Setup wizard.

CVE-2021-25368 [LOW] CWE-287 CVE-2021-25368: Hijacking vulnerability in Samsung Cloud prior to version 4.7.0.3 allows attackers to intercept when Hijacking vulnerability in Samsung Cloud prior to version 4.7.0.3 allows attackers to intercept when the provider is executed.