Samsung Mobile Samsung Internet vulnerabilities

CVE-2022-39873 [MEDIUM] CWE-285 CVE-2022-39873: Improper authorization vulnerability in Samsung Internet prior to version 18.0.4.14 allows physical Improper authorization vulnerability in Samsung Internet prior to version 18.0.4.14 allows physical attackers to add bookmarks in secret mode without user authentication.

CVE-2022-30738 [MEDIUM] CWE-703 CVE-2022-30738: Improper check in Loader in Samsung Internet prior to 17.0.1.69 allows attackers to spoof address ba Improper check in Loader in Samsung Internet prior to 17.0.1.69 allows attackers to spoof address bar via executing script.

CVE-2022-30740 [MEDIUM] CWE-200 CVE-2022-30740: Improper auto-fill algorithm in Samsung Internet prior to version 17.0.1.69 allows physical attacker Improper auto-fill algorithm in Samsung Internet prior to version 17.0.1.69 allows physical attackers to guess stored credit card numbers.

CVE-2022-27839 [MEDIUM] CWE-287 CVE-2022-27839: Improper authentication vulnerability in SecretMode in Samsung Internet prior to version 16.2.1 allo Improper authentication vulnerability in SecretMode in Samsung Internet prior to version 16.2.1 allows attackers to access bookmark tab without proper credentials.

CVE-2022-22290 [MEDIUM] CWE-703 CVE-2022-22290: Incorrect download source UI in Downloads in Samsung Internet prior to 16.0.6.23 allows attackers to Incorrect download source UI in Downloads in Samsung Internet prior to 16.0.6.23 allows attackers to perform domain spoofing via a crafted HTML page.

CVE-2022-22284 [MEDIUM] CWE-287 CVE-2022-22284: Improper authentication vulnerability in Samsung Internet prior to 16.0.2.19 allows attackers to byp Improper authentication vulnerability in Samsung Internet prior to 16.0.2.19 allows attackers to bypass secret mode password authentication

CVE-2021-25520 [MEDIUM] CWE-20 CVE-2021-25520: Insecure caller check and input validation vulnerabilities in SearchKeyword deeplink logic prior to Insecure caller check and input validation vulnerabilities in SearchKeyword deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to execute script codes in Samsung Internet.

CVE-2021-25521 [LOW] CWE-285 CVE-2021-25521: Insecure caller check in sharevia deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted Insecure caller check in sharevia deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to get current tab URL in Samsung Internet.

CVE-2021-25466 [MEDIUM] CWE-287 CVE-2021-25466: Improper scheme check vulnerability in Samsung Internet prior to version 15.0.2.47 allows attackers Improper scheme check vulnerability in Samsung Internet prior to version 15.0.2.47 allows attackers to perform Man-in-the-middle attack and obtain Samsung Account token.

CVE-2021-25445 [MEDIUM] CWE-287 CVE-2021-25445: Unprotected component vulnerability in Samsung Internet prior to version 14.2 allows untrusted appli Unprotected component vulnerability in Samsung Internet prior to version 14.2 allows untrusted application to access internal files in Samsung Internet.

CVE-2021-25418 [HIGH] CWE-269 CVE-2021-25418: Improper component protection vulnerability in Samsung Internet prior to version 14.0.1.62 allows un Improper component protection vulnerability in Samsung Internet prior to version 14.0.1.62 allows untrusted applications to execute arbitrary activity in specific condition.

CVE-2021-25419 [MEDIUM] CWE-703 CVE-2021-25419: Non-compliance of recommended secure coding scheme in Samsung Internet prior to version 14.0.1.62 al Non-compliance of recommended secure coding scheme in Samsung Internet prior to version 14.0.1.62 allows attackers to display fake URL in address bar via phising URL link.

CVE-2021-25354 [MEDIUM] CWE-285 CVE-2021-25354: Improper input check in Samsung Internet prior to version 13.2.1.46 allows attackers to launch non-e Improper input check in Samsung Internet prior to version 13.2.1.46 allows attackers to launch non-exported activity in Samsung Browser via malicious deeplink.

CVE-2021-25366 [LOW] CWE-703 CVE-2021-25366: Improper access control in Samsung Internet prior to version 13.2.1.70 allows physically proximate a Improper access control in Samsung Internet prior to version 13.2.1.70 allows physically proximate attackers to bypass the secret mode's authentication.

CVE-2021-25348 [LOW] CWE-703 CVE-2021-25348: Improper permission grant check in Samsung Internet prior to version 13.0.1.60 allows access to file Improper permission grant check in Samsung Internet prior to version 13.0.1.60 allows access to files in internal storage without authorized STORAGE permission.