Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-21455

Summary
Assigner-Samsung Mobile
Assigner Org ID-3af57064-a867-422c-b2ad-40307b65c458
Published At-16 Mar, 2023 | 00:00
Updated At-26 Feb, 2025 | 20:32
Rejected At-
Credits

Improper authorization implementation in Exynos baseband prior to SMR Mar-2023 Release 1 allows incorrect handling of unencrypted message.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Samsung Mobile
Assigner Org ID:3af57064-a867-422c-b2ad-40307b65c458
Published At:16 Mar, 2023 | 00:00
Updated At:26 Feb, 2025 | 20:32
Rejected At:
▼CVE Numbering Authority (CNA)

Improper authorization implementation in Exynos baseband prior to SMR Mar-2023 Release 1 allows incorrect handling of unencrypted message.

Affected Products
Vendor
Samsung ElectronicsSamsung Mobile
Product
Samsung Mobile Devices
Versions
Affected
  • From Select devices using Exynos CP chipsets before SMR Mar-2023 Release 1 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-287CWE-287: Improper Authentication
Type: CWE
CWE ID: CWE-287
Description: CWE-287: Improper Authentication
Metrics
VersionBase scoreBase severityVector
3.15.9MEDIUM
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=03
N/A
Hyperlink: https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=03
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=03
x_transferred
Hyperlink: https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=03
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:mobile.security@samsung.com
Published At:16 Mar, 2023 | 21:15
Updated At:24 Mar, 2023 | 15:44

Improper authorization implementation in Exynos baseband prior to SMR Mar-2023 Release 1 allows incorrect handling of unencrypted message.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.1CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Secondary3.15.9MEDIUM
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
Type: Primary
Version: 3.1
Base score: 9.1
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Type: Secondary
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
CPE Matches
Samsung
samsung
>>exynos_firmware>>-
cpe:2.3:o:samsung:exynos_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos>>-
cpe:2.3:h:samsung:exynos:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE-287Secondarymobile.security@samsung.com
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-287
Type: Secondary
Source: mobile.security@samsung.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=03mobile.security@samsung.com
Vendor Advisory
Hyperlink: https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=03
Source: mobile.security@samsung.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

161Records found
CVE-2023-31114
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.24% / 47.70%
||
7 Day CHG~0.00%
Published-07 Jun, 2023 | 00:00
Updated-07 Jan, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. Incorrect resource transfer between spheres can cause unintended querying of the SIM status via a crafted application.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_5123exynos_5300_firmwareexynos_5300exynos_5123_firmwaren/a
CWE ID-CWE-669
Incorrect Resource Transfer Between Spheres
CVE-2025-54455
Matching Score-8
Assigner-Samsung TV & Appliance
ShareView Details
Matching Score-8
Assigner-Samsung TV & Appliance
CVSS Score-9.1||CRITICAL
EPSS-0.06% / 19.32%
||
7 Day CHG+0.01%
Published-23 Jul, 2025 | 05:27
Updated-30 Jul, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects MagicINFO 9 Server: less than 21.1080.0.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-magicinfo_9_serverMagicINFO 9 Server
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2025-54454
Matching Score-8
Assigner-Samsung TV & Appliance
ShareView Details
Matching Score-8
Assigner-Samsung TV & Appliance
CVSS Score-9.1||CRITICAL
EPSS-0.06% / 19.32%
||
7 Day CHG+0.01%
Published-23 Jul, 2025 | 05:26
Updated-30 Jul, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects MagicINFO 9 Server: less than 21.1080.0.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-magicinfo_9_serverMagicINFO 9 Server
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-30713
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-8.5||HIGH
EPSS-0.09% / 27.16%
||
7 Day CHG~0.00%
Published-07 Jun, 2022 | 17:54
Updated-03 Aug, 2024 | 06:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation vulnerability in LSOItemData prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2022-30710
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-8.5||HIGH
EPSS-0.06% / 18.05%
||
7 Day CHG~0.00%
Published-07 Jun, 2022 | 17:52
Updated-03 Aug, 2024 | 06:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation vulnerability in RemoteViews prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2025-20949
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-5.1||MEDIUM
EPSS-0.08% / 23.63%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 08:24
Updated-17 Jul, 2025 | 00:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Path traversal vulnerability in Samsung Members prior to version 5.0.00.11 allows attackers to read and write arbitrary file with the privilege of Samsung Members.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-membersSamsung Members
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-30712
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-8.5||HIGH
EPSS-0.07% / 20.86%
||
7 Day CHG~0.00%
Published-07 Jun, 2022 | 17:54
Updated-03 Aug, 2024 | 06:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation vulnerability in KfaOptions prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2022-30711
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-8.5||HIGH
EPSS-0.06% / 18.05%
||
7 Day CHG~0.00%
Published-07 Jun, 2022 | 17:53
Updated-03 Aug, 2024 | 06:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation vulnerability in FeedsInfo prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2013-3586
Matching Score-6
Assigner-CERT/CC
ShareView Details
Matching Score-6
Assigner-CERT/CC
CVSS Score-7.6||HIGH
EPSS-7.19% / 91.21%
||
7 Day CHG~0.00%
Published-28 Aug, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Samsung Web Viewer for Samsung DVR devices allows remote attackers to bypass authentication via an arbitrary SessionID value in a cookie.

Action-Not Available
Vendor-n/aSamsung
Product-dvrsmart_viewern/a
CWE ID-CWE-287
Improper Authentication
CVE-2024-34596
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.9||MEDIUM
EPSS-0.20% / 41.82%
||
7 Day CHG~0.00%
Published-02 Jul, 2024 | 09:23
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication in SmartThings prior to version 1.8.17 allows remote attackers to bypass the expiration date for members set by the owner.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-smartthingsSmartThings
CWE ID-CWE-287
Improper Authentication
CVE-2021-25377
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-3.3||LOW
EPSS-0.04% / 12.29%
||
7 Day CHG~0.00%
Published-09 Apr, 2021 | 17:39
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Intent redirection in Samsung Experience Service versions 10.8.0.4 in Android P(9.0) below, and 12.2.0.5 in Android Q(10.0) above allows attacker to execute privileged action.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidexperience_serviceSamsung Experience Service
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-25490
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-6||MEDIUM
EPSS-0.03% / 5.39%
||
7 Day CHG~0.00%
Published-06 Oct, 2021 | 17:10
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release 1 allows attacker to trigger IV reuse vulnerability with privileged process.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-287
Improper Authentication
CVE-2021-25505
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-3.3||LOW
EPSS-0.15% / 36.07%
||
7 Day CHG~0.00%
Published-05 Nov, 2021 | 02:03
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication in Samsung Pass prior to 3.0.02.4 allows to use app without authentication when lockscreen is unlocked.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-samsung_passSamsung Pass
CWE ID-CWE-287
Improper Authentication
CVE-2021-25343
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.05% / 16.76%
||
7 Day CHG~0.00%
Published-04 Mar, 2021 | 21:03
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Calling of non-existent provider in Samsung Members prior to version 2.4.81.13 (in Android O(8.1) and below) and 3.8.00.13 (in Android P(9.0) and above) allows unauthorized actions including denial of service attack by hijacking the provider.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidmembersSamsung Members
CWE ID-CWE-287
Improper Authentication
CVE-2021-25424
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-8.8||HIGH
EPSS-0.11% / 30.09%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 14:33
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication vulnerability in Tizen bluetooth-frwk prior to Firmware update JUN-2021 Release allows bluetooth attacker to take over the user's bluetooth device without user awareness.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-galaxy_watchgalaxy_watch_active_2_firmwaregalaxy_watch_activegalaxy_watch_3gear_s3_firmwaregear_2_neo_firmwaregalaxy_watch_active_2gear_s2galaxy_watch_active_firmwaregear_2_neogear_sgear_s2_firmwaregear_2_firmwaregear_s3galaxy_watch_firmwaregear_s_firmwaregalaxy_watch_3_firmwaregear_2Tizen wearable devices
CWE ID-CWE-287
Improper Authentication
CVE-2024-20890
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 18.46%
||
7 Day CHG~0.00%
Published-02 Jul, 2024 | 09:20
Updated-01 Aug, 2024 | 22:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to trigger abnormal behavior.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-287
Improper Authentication
CVE-2023-42531
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 2.23%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 07:49
Updated-12 Jun, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in SmsController prior to SMR Nov-2023 Release1 allows local attackers to bypass restrictions on starting activities from the background.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-287
Improper Authentication
CVE-2023-42576
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 6.80%
||
7 Day CHG~0.00%
Published-05 Dec, 2023 | 02:44
Updated-05 Jun, 2025 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid exception handler.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-passSamsung Pass
CWE ID-CWE-287
Improper Authentication
CVE-2023-42554
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 7.56%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 07:49
Updated-06 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Authentication vulnerabiity in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-passSamsung Pass
CWE ID-CWE-287
Improper Authentication
CVE-2023-50804
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-3.7||LOW
EPSS-0.07% / 22.41%
||
7 Day CHG~0.00%
Published-05 Jun, 2024 | 00:00
Updated-18 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor, and Modem Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos Modem 5123, Exynos Modem 5300. The baseband software does not properly check format types specified by the NAS (Non-Access-Stratum) module. This can lead to bypass of authentication.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_850exynos_9820exynos_990_firmwareexynos_1380exynos_1080_firmwareexynos_modem_5123_firmwareexynos_1280exynos_2200_firmwareexynos_1280_firmwareexynos_2100_firmwareexynos_1330_firmwareexynos_990exynos_modem_5300_firmwareexynos_1080exynos_2100exynos_9820_firmwareexynos_980_firmwareexynos_850_firmwareexynos_1380_firmwareexynos_9825exynos_modem_5300exynos_modem_5123exynos_980exynos_9825_firmwareexynos_2200exynos_1330n/a
CWE ID-CWE-287
Improper Authentication
CVE-2023-30724
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.14% / 34.01%
||
7 Day CHG~0.00%
Published-06 Sep, 2023 | 03:12
Updated-26 Sep, 2024 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication in GallerySearchProvider of Gallery prior to version 14.5.01.2 allows attacker to access search history.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-galleryGallery
CWE ID-CWE-287
Improper Authentication
CVE-2023-30675
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.04% / 8.66%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 02:51
Updated-24 Oct, 2024 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication in Samsung Pass prior to version 4.2.03.1 allows local attacker to access stored account information when Samsung Wallet is not installed.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-passSamsung Pass
CWE ID-CWE-287
Improper Authentication
CVE-2023-21484
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 5.91%
||
7 Day CHG~0.00%
Published-04 May, 2023 | 00:00
Updated-29 Jan, 2025 | 20:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in AppLock prior to SMR May-2023 Release 1 allows local attackers without proper permission to execute a privileged operation.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-287
Improper Authentication
CVE-2021-25389
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-2.3||LOW
EPSS-0.02% / 3.53%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 14:45
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper running task check in S Secure prior to SMR MAY-2021 Release 1 allows attackers to use locked app without authentication.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-287
Improper Authentication
CVE-2023-21437
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.06% / 17.46%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 00:00
Updated-24 Mar, 2025 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in Phone application prior to SMR Feb-2023 Release 1 allows local attackers to access sensitive information via implicit broadcast.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-287
Improper Authentication
CVE-2021-25347
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.3||MEDIUM
EPSS-0.01% / 1.81%
||
7 Day CHG~0.00%
Published-04 Mar, 2021 | 21:05
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hijacking vulnerability in Samsung Email application version prior to SMR Feb-2021 Release 1 allows attackers to intercept when the provider is executed.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-287
Improper Authentication
CVE-2021-25430
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 6.61%
||
7 Day CHG~0.00%
Published-08 Jul, 2021 | 13:45
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-287
Improper Authentication
CVE-2023-21487
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 7.48%
||
7 Day CHG~0.00%
Published-04 May, 2023 | 00:00
Updated-12 Feb, 2025 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in Telephony framework prior to SMR May-2023 Release 1 allows local attackers to change a call setting.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-287
Improper Authentication
CVE-2024-20816
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-8||HIGH
EPSS-0.09% / 25.62%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 02:23
Updated-07 Nov, 2024 | 21:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication vulnerability in onCharacteristicWriteRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim's mobile hotspot without user awareness.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-287
Improper Authentication
CVE-2024-20856
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 36.59%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 04:28
Updated-07 Feb, 2025 | 20:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Authentication vulnerability in Secure Folder prior to SMR May-2024 Release 1 allows physical attackers to access Secure Folder without proper authentication in a specific scenario.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devicesandroid
CWE ID-CWE-287
Improper Authentication
CVE-2024-20889
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.9||MEDIUM
EPSS-0.08% / 25.09%
||
7 Day CHG~0.00%
Published-02 Jul, 2024 | 09:20
Updated-01 Aug, 2024 | 22:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to pair with devices.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devicesandroid
CWE ID-CWE-287
Improper Authentication
CVE-2024-20803
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-6.8||MEDIUM
EPSS-0.09% / 27.05%
||
7 Day CHG~0.00%
Published-04 Jan, 2024 | 01:10
Updated-05 Sep, 2024 | 20:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication vulnerability in Bluetooth pairing process prior to SMR Jan-2024 Release 1 allows remote attackers to establish pairing process without user interaction.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-287
Improper Authentication
CVE-2024-20815
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-8||HIGH
EPSS-0.15% / 36.42%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 02:23
Updated-19 Aug, 2024 | 20:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication vulnerability in onCharacteristicReadRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim's mobile hotspot without user awareness.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-287
Improper Authentication
CVE-2024-20900
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.09% / 25.92%
||
7 Day CHG~0.00%
Published-02 Jul, 2024 | 09:20
Updated-01 Aug, 2024 | 22:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication in MTP application prior to SMR Jul-2024 Release 1 allows local attackers to enter MTP mode without proper authentication.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-287
Improper Authentication
CVE-2022-39901
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 45.68%
||
7 Day CHG~0.00%
Published-08 Dec, 2022 | 00:00
Updated-23 Apr, 2025 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to disable the network traffic encryption between UE and gNodeB.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-exynosexynos_firmwareSamsung Mobile Devices
CWE ID-CWE-287
Improper Authentication
CVE-2022-33720
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-2.4||LOW
EPSS-0.03% / 6.92%
||
7 Day CHG~0.00%
Published-05 Aug, 2022 | 15:21
Updated-03 Aug, 2024 | 08:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication vulnerability in AppLock prior to SMR Aug-2022 Release 1 allows physical attacker to access Chrome locked by AppLock via new tap shortcut.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-287
Improper Authentication
CVE-2022-33732
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 2.40%
||
7 Day CHG~0.00%
Published-05 Aug, 2022 | 15:19
Updated-03 Aug, 2024 | 08:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows local attackers to scan and connect to PC by unprotected binder call.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-287
Improper Authentication
CVE-2022-33689
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 2.76%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 13:33
Updated-03 Aug, 2024 | 08:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in TelephonyUI prior to SMR Jul-2022 Release 1 allows attackers to change preferred network type by unprotected binder call.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-287
Improper Authentication
CVE-2022-30755
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-7.3||HIGH
EPSS-0.02% / 3.31%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 13:32
Updated-03 Aug, 2024 | 06:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication vulnerability in AppLock prior to SMR Jul-2022 Release 1 allows attacker to bypass password confirm activity by hijacking the implicit intent.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-287
Improper Authentication
CVE-2022-30749
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-3.3||LOW
EPSS-0.05% / 13.58%
||
7 Day CHG~0.00%
Published-07 Jun, 2022 | 18:21
Updated-03 Aug, 2024 | 06:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to add arbitrary smart devices by bypassing login activity.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-smartthingsSmart Things
CWE ID-CWE-287
Improper Authentication
CVE-2016-1329
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.07% / 83.20%
||
7 Day CHG~0.00%
Published-03 Mar, 2016 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to obtain root privileges via a (1) TELNET or (2) SSH session, aka Bug ID CSCuy25800.

Action-Not Available
Vendor-zzincn/aSamsungCisco Systems, Inc.Zyxel Networks CorporationSun Microsystems (Oracle Corporation)
Product-gs1900-10hp_firmwarenexus_3064xkeymouse_firmwarenexus_3548x14j_firmwareopensolarisnexus_3064nexus_3048nexus_3524nexus_3064tn/a
CWE ID-CWE-287
Improper Authentication
CVE-2022-28790
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.06% / 17.49%
||
7 Day CHG~0.00%
Published-03 May, 2022 | 19:42
Updated-03 Aug, 2024 | 06:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication in Link to Windows Service prior to version 2.3.04.1 allows attacker to lock the device. The patch adds proper caller signature check logic.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-link_to_windows_serviceLink to Windows Service
CWE ID-CWE-287
Improper Authentication
CVE-2022-25832
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.02% / 3.21%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:36
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to use locked Myfiles app without authentication.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-287
Improper Authentication
CVE-2022-25816
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4.1||MEDIUM
EPSS-0.02% / 3.21%
||
7 Day CHG~0.00%
Published-08 Mar, 2022 | 13:46
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication in Samsung Lock and mask apps setting prior to SMR Mar-2022 Release 1 allows attacker to change enable/disable without authentication

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-287
Improper Authentication
CVE-2020-10847
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.02% / 2.52%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 17:30
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with P(9.0) (Galaxy S8 and Note8) software. Facial recognition can be spoofed. The Samsung ID is SVE-2019-16614 (February 2020).

Action-Not Available
Vendor-n/aGoogle LLCSamsung
Product-androidgalaxy_note8galaxy_s8n/a
CWE ID-CWE-287
Improper Authentication
CVE-2022-27839
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-3.3||LOW
EPSS-0.16% / 37.55%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication vulnerability in SecretMode in Samsung Internet prior to version 16.2.1 allows attackers to access bookmark tab without proper credentials.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-internetSamsung Internet
CWE ID-CWE-287
Improper Authentication
CVE-2022-25825
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.06% / 17.70%
||
7 Day CHG~0.00%
Published-08 Mar, 2022 | 13:47
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in Samsung Account prior to version 13.1.0.1 allows attackers to access to the authcode for sign-in.

Action-Not Available
Vendor-samasungSamsung Electronics
Product-accountSamsung Account
CWE ID-CWE-287
Improper Authentication
CVE-2022-26091
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.7||MEDIUM
EPSS-0.02% / 3.00%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 04:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in Knox Manage prior to SMR Apr-2022 Release 1 allows that physical attackers can bypass Knox Manage using a function key of hardware keyboard.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-287
Improper Authentication
CVE-2022-25833
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-3.3||LOW
EPSS-0.02% / 3.23%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:36
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication in ImsService prior to SMR Apr-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-287
Improper Authentication
CVE-2022-25817
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.02% / 3.24%
||
7 Day CHG~0.00%
Published-08 Mar, 2022 | 13:46
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication in One UI Home prior to SMR Mar-2022 Release 1 allows attacker to generate pinned-shortcut without user consent.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-287
Improper Authentication
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found