Samsung Members vulnerabilities
13 known vulnerabilities affecting samsung/members.
Total CVEs: 13
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 4, MEDIUM 4, LOW 4
Vulnerabilities
CVE-2026-20985 | HIGH | CVSS 7.0 | fixed in 5.6.00.11 | 2026-02-04
CVE-2026-20985 [HIGH]
Improper input validation in Samsung Members prior to version 5.6.00.11 allows remote attackers to connect arbitrary URL and launch arbitrary activity with Samsung Members privilege. User interaction is required for triggering this vulnerability.
nvd
CVE-2026-20986 | MEDIUM | CVSS 5.1 | fixed in 15.5.05.4 | 2026-02-04
CVE-2026-20986 [MEDIUM] CWE-22
Path traversal in Samsung Members prior to Chinese version 15.5.05.4 allows local attackers to overwrite data within Samsung Members.
nvd
CVE-2025-21079 | HIGH | CVSS 8.1 | fixed in 5.5.01.3 | 2025-11-05
CVE-2025-21079 [HIGH]
Improper input validation in Samsung Members prior to version 5.5.01.3 allows remote attackers to connect arbitrary URL and launch arbitrary activity with Samsung Members privilege. User interaction is required for triggering this vulnerability.
nvd
CVE-2025-20949 | CRITICAL | CVSS 9.1 | fixed in 5.0.00.11 | 2025-05-07
CVE-2025-20949 [MEDIUM] CWE-22
Path traversal vulnerability in Samsung Members prior to version 5.0.00.11 allows attackers to read and write arbitrary file with the privilege of Samsung Members.
nvd
CVE-2025-20898 | MEDIUM | CVSS 4.6 | fixed in 5.2.00.12 | 2025-02-04
CVE-2025-20898 [MEDIUM]
Improper input validation in Samsung Members prior to version 5.2.00.12 allows physical attackers to access data across multiple user profiles.
nvd
CVE-2023-30703 | MEDIUM | CVSS 4.3 | fixed in 14.0.07.1 | 2023-08-10
CVE-2023-30703 [LOW]
Improper URL validation vulnerability in Samsung Members prior to version 14.0.07.1 allows attackers to access sensitive information.
nvd
CVE-2022-30748 | MEDIUM | CVSS 5.5 | fixed in 4.2.005 | 2022-06-07
CVE-2022-30748 [MEDIUM] CWE-561
Unprotected dynamic receiver in Samsung Members prior to version 4.2.005 allows attacker to launch arbitrary activity.
nvd
CVE-2022-28777 | LOW | CVSS 3.3 | fixed in 13.6.08.5 | 2022-04-11
CVE-2022-28777 [MEDIUM] CWE-284
Improper access control vulnerability in Samsung Members prior to version 13.6.08.5 allows local attacker to execute call function without CALL_PHONE permission.
nvd
CVE-2021-25438 | HIGH | CVSS 7.8 | fixed in 2.4.85.11, v3.9.10.11 | 2021-07-08
CVE-2021-25438 [HIGH] CWE-284
Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause local file inclusion in webview.
nvd
CVE-2021-25439 | LOW | CVSS 3.3 | fixed in 2.4.85.11, v3.9.10.11 | 2021-07-08
CVE-2021-25439 [LOW] CWE-284
Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause arbitrary webpage loading in webview.
nvd
CVE-2021-25374 | HIGH | CVSS 7.5 | ≤ 2.4.83.9, ≥ 3.9.00.9 | 2021-04-09
CVE-2021-25374 [HIGH] CWE-285
An improper authorization vulnerability in Samsung Members "samsungrewards" scheme for deeplink in versions 2.4.83.9 in Android O(8.1) and below, and 3.9.00.9 in Android P(9.0) and above allows remote attackers to access a user data related with Samsung Account.
nvd
CVE-2021-25343 | LOW | CVSS 3.3 | fixed in 2.4.81.13, fixed in 3.8.00.13 | 2021-03-04
CVE-2021-25343 [MEDIUM] CWE-287
Calling of non-existent provider in Samsung Members prior to version 2.4.81.13 (in Android O(8.1) and below) and 3.8.00.13 (in Android P(9.0) and above) allows unauthorized actions including denial of service attack by hijacking the provider.
nvd
CVE-2021-25342 | LOW | CVSS 3.3 | fixed in 2.4.81.13, fixed in 3.8.00.13 | 2021-03-04
CVE-2021-25342 [MEDIUM] CWE-287
Calling of non-existent provider in SMP sdk prior to version 3.0.9 allows unauthorized actions including denial of service attack by hijacking the provider.
nvd