Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-42530

Summary
Assigner-Samsung Mobile
Assigner Org ID-3af57064-a867-422c-b2ad-40307b65c458
Published At-07 Nov, 2023 | 07:49
Updated At-04 Sep, 2024 | 20:23
Rejected At-
Credits

Improper access control vulnerability in SecSettings prior to SMR Nov-2023 Release 1 allows attackers to enable Wi-Fi and Wi-Fi Direct without User Interaction.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Samsung Mobile
Assigner Org ID:3af57064-a867-422c-b2ad-40307b65c458
Published At:07 Nov, 2023 | 07:49
Updated At:04 Sep, 2024 | 20:23
Rejected At:
â–¼CVE Numbering Authority (CNA)

Improper access control vulnerability in SecSettings prior to SMR Nov-2023 Release 1 allows attackers to enable Wi-Fi and Wi-Fi Direct without User Interaction.

Affected Products
Vendor
Samsung ElectronicsSamsung Mobile
Product
Samsung Mobile Devices
Default Status
affected
Versions
Unaffected
  • SMR Nov-2023 Release in Android 11, 12, 13
Problem Types
TypeCWE IDDescription
N/AN/ACWE-20 Improper Input Validation
Type: N/A
CWE ID: N/A
Description: CWE-20 Improper Input Validation
Metrics
VersionBase scoreBase severityVector
3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=11
N/A
Hyperlink: https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=11
Resource: N/A
â–¼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=11
x_transferred
Hyperlink: https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=11
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:mobile.security@samsung.com
Published At:07 Nov, 2023 | 08:15
Updated At:13 Nov, 2023 | 18:06

Improper access control vulnerability in SecSettings prior to SMR Nov-2023 Release 1 allows attackers to enable Wi-Fi and Wi-Fi Direct without User Interaction.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Secondary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Type: Secondary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Samsung
samsung
>>android>>11.0
cpe:2.3:o:samsung:android:11.0:-:*:*:*:*:*:*
Samsung
samsung
>>android>>11.0
cpe:2.3:o:samsung:android:11.0:smr-apr-2021-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>11.0
cpe:2.3:o:samsung:android:11.0:smr-apr-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>11.0
cpe:2.3:o:samsung:android:11.0:smr-apr-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>11.0
cpe:2.3:o:samsung:android:11.0:smr-aug-2021-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>11.0
cpe:2.3:o:samsung:android:11.0:smr-aug-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>11.0
cpe:2.3:o:samsung:android:11.0:smr-aug-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>11.0
cpe:2.3:o:samsung:android:11.0:smr-dec-2020-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>11.0
cpe:2.3:o:samsung:android:11.0:smr-dec-2021-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>11.0
cpe:2.3:o:samsung:android:11.0:smr-dec-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>11.0
cpe:2.3:o:samsung:android:11.0:smr-feb-2021-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>11.0
cpe:2.3:o:samsung:android:11.0:smr-feb-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>11.0
cpe:2.3:o:samsung:android:11.0:smr-feb-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>11.0
cpe:2.3:o:samsung:android:11.0:smr-jan-2021-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>11.0
cpe:2.3:o:samsung:android:11.0:smr-jan-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>11.0
cpe:2.3:o:samsung:android:11.0:smr-jan-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>11.0
cpe:2.3:o:samsung:android:11.0:smr-jul-2021-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>11.0
cpe:2.3:o:samsung:android:11.0:smr-jul-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>11.0
cpe:2.3:o:samsung:android:11.0:smr-jul-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>11.0
cpe:2.3:o:samsung:android:11.0:smr-jun-2021-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>11.0
cpe:2.3:o:samsung:android:11.0:smr-jun-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>11.0
cpe:2.3:o:samsung:android:11.0:smr-jun-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>11.0
cpe:2.3:o:samsung:android:11.0:smr-mar-2021-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>11.0
cpe:2.3:o:samsung:android:11.0:smr-mar-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>11.0
cpe:2.3:o:samsung:android:11.0:smr-mar-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>11.0
cpe:2.3:o:samsung:android:11.0:smr-may-2021-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>11.0
cpe:2.3:o:samsung:android:11.0:smr-may-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>11.0
cpe:2.3:o:samsung:android:11.0:smr-may-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>11.0
cpe:2.3:o:samsung:android:11.0:smr-nov-2021-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>11.0
cpe:2.3:o:samsung:android:11.0:smr-nov-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>11.0
cpe:2.3:o:samsung:android:11.0:smr-oct-2021-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>11.0
cpe:2.3:o:samsung:android:11.0:smr-oct-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>11.0
cpe:2.3:o:samsung:android:11.0:smr-oct-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>11.0
cpe:2.3:o:samsung:android:11.0:smr-sep-2021-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>11.0
cpe:2.3:o:samsung:android:11.0:smr-sep-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>11.0
cpe:2.3:o:samsung:android:11.0:smr-sep-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:-:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-apr-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-apr-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-aug-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-aug-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-dec-2021-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-dec-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-feb-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-feb-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-jan-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-jan-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-jul-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-jul-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-jun-2022-r1:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=11mobile.security@samsung.com
Vendor Advisory
Hyperlink: https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=11
Source: mobile.security@samsung.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

91Records found
CVE-2024-7399
Matching Score-8
Assigner-Samsung TV & Appliance
ShareView Details
Matching Score-8
Assigner-Samsung TV & Appliance
CVSS Score-8.8||HIGH
EPSS-64.77% / 98.45%
||
7 Day CHG-6.23%
Published-09 Aug, 2024 | 04:43
Updated-08 May, 2025 | 03:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-magicinfo_9_serverMagicINFO 9 Servermagicinfo_9_server
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2012-3810
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-25.87% / 96.19%
||
7 Day CHG~0.00%
Published-09 Jan, 2020 | 21:56
Updated-06 Aug, 2024 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Samsung Kies before 2.5.0.12094_27_11 has registry modification.

Action-Not Available
Vendor-n/aSamsung
Product-kiesn/a
CVE-2023-42528
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 10.31%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 07:49
Updated-04 Sep, 2024 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Input Validation vulnerability in ProcessNvBuffering of libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-42529
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 14.90%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 07:49
Updated-04 Sep, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bound write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to execute arbitrary code.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2012-3809
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-25.87% / 96.19%
||
7 Day CHG~0.00%
Published-09 Jan, 2020 | 21:54
Updated-06 Aug, 2024 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Samsung Kies before 2.5.0.12094_27_11 has arbitrary directory modification.

Action-Not Available
Vendor-n/aSamsung
Product-kiesn/a
CVE-2023-42565
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-7.3||HIGH
EPSS-0.08% / 24.04%
||
7 Day CHG~0.00%
Published-05 Dec, 2023 | 02:44
Updated-02 Aug, 2024 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in Smart Clip prior to SMR Dec-2023 Release 1 allows local attackers with shell privilege to execute arbitrary code.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CVE-2019-20601
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.09% / 25.97%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 19:12
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos7570, 7580, 7870, 7880, and 8890 chipsets) software. RKP memory corruption causes an arbitrary write to protected memory. The Samsung ID is SVE-2019-13921-2 (May 2019).

Action-Not Available
Vendor-n/aGoogle LLCSamsung
Product-exynos_7880exynos_7570androidexynos_7870exynos_8890exynos_7580n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-49408
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.4||MEDIUM
EPSS-0.09% / 25.01%
||
7 Day CHG~0.00%
Published-06 Nov, 2024 | 02:17
Updated-13 Nov, 2024 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in usb driver prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory. System privilege is required for triggering this vulnerability.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-galaxy_s24galaxy_s24_firmwareSamsung Mobile Devicesgalaxy_s24_firmware
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-49409
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.4||MEDIUM
EPSS-0.09% / 25.01%
||
7 Day CHG~0.00%
Published-06 Nov, 2024 | 02:17
Updated-13 Nov, 2024 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in Battery Full Capacity node prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory. System privilege is required for triggering this vulnerability.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-galaxy_s24galaxy_s24_firmwareSamsung Mobile Devicesgalaxy_s24_firmware
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-49406
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 11.30%
||
7 Day CHG~0.00%
Published-06 Nov, 2024 | 02:17
Updated-13 Nov, 2024 | 00:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation of integrity check value in Blockchain Keystore prior to version 1.3.16 allows local attackers to modify transaction. Root privilege is required for triggering this vulnerability.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-blockchain_keystoreBlockchain Keystoreblockchain_keystore
CWE ID-CWE-354
Improper Validation of Integrity Check Value
CVE-2023-30651
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 12.32%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 02:50
Updated-20 Nov, 2024 | 19:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds read and write in callgetTspsysfs of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-30686
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 8.82%
||
7 Day CHG~0.00%
Published-10 Aug, 2023 | 01:18
Updated-10 Oct, 2024 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds Write in ReqDataRaw of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devicessamsung_mobile_devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-30689
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 8.82%
||
7 Day CHG~0.00%
Published-10 Aug, 2023 | 01:18
Updated-10 Oct, 2024 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds Write in BuildOemEmbmsGetSigStrengthResponse of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devicessamsung_mobile_devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-30687
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 8.82%
||
7 Day CHG~0.00%
Published-10 Aug, 2023 | 01:18
Updated-10 Oct, 2024 | 17:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds Write in RmtUimApdu of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devicessamsung_mobile_devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-30650
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 12.32%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 02:50
Updated-20 Nov, 2024 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds read and write in callrunTspCmd of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-30695
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 8.82%
||
7 Day CHG~0.00%
Published-10 Aug, 2023 | 01:18
Updated-21 Oct, 2024 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds Write vulnerability in SSHDCPAPP TA prior to "SAMSUNG ELECTONICS, CO, LTD. - System Hardware Update - 7/13/2023" in Windows Update for Galaxy book Go, Galaxy book Go 5G, Galaxy book2 Go and Galaxy book2 Pro 360 allows local attacker to execute arbitrary code.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-galaxy_book2_pro_360galaxy_book2_go_firmwaregalaxy_book_gogalaxy_book_go_5ggalaxy_book2_pro_360_firmwaregalaxy_book_go_5g_firmwaregalaxy_book2_gogalaxy_book_go_firmwareGalaxy book Go, Galaxy book Go 5G, Galaxy book2 Go and Galaxy book2 Pro 360
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-30702
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 11.47%
||
7 Day CHG~0.00%
Published-10 Aug, 2023 | 01:18
Updated-10 Oct, 2024 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack overflow vulnerability in SSHDCPAPP TA prior to "SAMSUNG ELECTONICS, CO, LTD. - System Hardware Update - 7/13/2023" in Windows Update for Galaxy book Go, Galaxy book Go 5G, Galaxy book2 Go and Galaxy book2 Pro 360 allows local attacker to execute arbitrary code.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-galaxy_book2_pro_360galaxy_book2_go_firmwaregalaxy_book_gogalaxy_book_go_5ggalaxy_book2_pro_360_firmwaregalaxy_book_go_5g_firmwaregalaxy_book2_gogalaxy_book_go_firmwareGalaxy book Go, Galaxy book Go 5G, Galaxy book2 Go and Galaxy book2 Pro 360galaxy_book_gogalaxy_book_2_gogalaxy_book_2_pro_360galaxy_book_go_5g
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-30652
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 12.32%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 02:50
Updated-20 Nov, 2024 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds read and write in callrunTspCmdNoRead of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-30739
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 14.90%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 07:45
Updated-04 Sep, 2024 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Arbitrary File Descriptor Write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CVE-2023-30669
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 8.82%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 02:51
Updated-20 Nov, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds Write in DoOemFactorySendFactoryTestResult of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-30688
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 8.82%
||
7 Day CHG~0.00%
Published-10 Aug, 2023 | 01:18
Updated-10 Oct, 2024 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds Write in MakeUiccAuthForOem of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devicessamsung_mobile_devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-30693
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 0.72%
||
7 Day CHG~0.00%
Published-10 Aug, 2023 | 01:18
Updated-10 Oct, 2024 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds Write in DoOemFactorySendFactoryBypassCommand of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devicessamsung_mobile_devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-30694
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 8.82%
||
7 Day CHG~0.00%
Published-10 Aug, 2023 | 01:18
Updated-10 Oct, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds Write in IpcTxPcscTransmitApdu of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-30668
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 8.82%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 02:51
Updated-20 Nov, 2024 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds Write in BuildOemSecureSimLockResponse of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-30670
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 8.46%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 02:51
Updated-20 Nov, 2024 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds Write in BuildIpcFactoryDeviceTestEvent of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-30654
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 6.87%
||
7 Day CHG~0.00%
Published-10 Aug, 2023 | 01:17
Updated-17 Oct, 2024 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in SLocationService prior to SMR Aug-2023 Release 1 allows local attacker to update fake location.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CVE-2023-30727
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.7||MEDIUM
EPSS-0.09% / 26.21%
||
7 Day CHG~0.00%
Published-04 Oct, 2023 | 03:02
Updated-19 Sep, 2024 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in SecSettings prior to SMR Oct-2023 Release 1 allows attackers to enable Wi-Fi and connect arbitrary Wi-Fi without User Interaction.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CVE-2023-30709
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-7.9||HIGH
EPSS-0.06% / 17.22%
||
7 Day CHG~0.00%
Published-06 Sep, 2023 | 03:11
Updated-26 Sep, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in Dual Messenger prior to SMR Sep-2023 Release 1 allows local attackers launch activity with system privilege.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CVE-2023-31115
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.26% / 49.25%
||
7 Day CHG+0.05%
Published-07 Jun, 2023 | 00:00
Updated-07 Jan, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. Incorrect resource transfer between spheres can cause changes to the activation mode of RCS via a crafted application.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_5123exynos_5300_firmwareexynos_5300exynos_5123_firmwaren/a
CWE ID-CWE-669
Incorrect Resource Transfer Between Spheres
CVE-2025-20937
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 23.97%
||
7 Day CHG+0.06%
Published-07 May, 2025 | 08:22
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in Keymaster trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20885
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.4||MEDIUM
EPSS-0.08% / 22.60%
||
7 Day CHG~0.00%
Published-04 Feb, 2025 | 07:19
Updated-25 Mar, 2025 | 06:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to cause memory corruption.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20904
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.3||MEDIUM
EPSS-0.04% / 10.94%
||
7 Day CHG~0.00%
Published-04 Feb, 2025 | 07:24
Updated-12 Feb, 2025 | 13:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to cause memory corruption.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20982
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.4||MEDIUM
EPSS-0.01% / 2.01%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 10:33
Updated-26 Feb, 2026 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in setting auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20987
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-5.2||MEDIUM
EPSS-0.02% / 4.78%
||
7 Day CHG~0.00%
Published-04 Jun, 2025 | 04:56
Updated-10 Feb, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to get a auth_token.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CVE-2025-21017
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.3||MEDIUM
EPSS-0.02% / 3.99%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 04:23
Updated-26 Feb, 2026 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in detaching crypto box in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-blockchain_keystoreBlockchain Keystore
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20983
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.4||MEDIUM
EPSS-0.01% / 2.01%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 10:33
Updated-26 Feb, 2026 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in checking auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-21048
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 5.42%
||
7 Day CHG~0.00%
Published-10 Oct, 2025 | 06:33
Updated-26 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Relative path traversal in Knox Enterprise prior to SMR Oct-2025 Release 1 allows local attackers to execute arbitrary code.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-20564
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.29% / 52.08%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 18:30
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with any (before October 2019 for S9 or Note9) software. Attackers can manipulate the IMEI. The Samsung ID is SVE-2019-15435 (October 2019).

Action-Not Available
Vendor-n/aSamsung
Product-note9s9n/a
CVE-2022-23432
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.4||MEDIUM
EPSS-0.02% / 4.59%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 17:40
Updated-03 Aug, 2024 | 03:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper input validation in SMC_SRPMB_WSM handler of RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidexynosSamsung Mobile Devices with Exynos chipsets
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-22288
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-7.5||HIGH
EPSS-0.26% / 49.26%
||
7 Day CHG~0.00%
Published-07 Jan, 2022 | 22:39
Updated-03 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app installation of the allowlist.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-galaxy_storeGalaxy Store
CWE ID-CWE-285
Improper Authorization
CVE-2023-42557
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-5.6||MEDIUM
EPSS-0.07% / 20.08%
||
7 Day CHG~0.00%
Published-05 Dec, 2023 | 02:44
Updated-02 Aug, 2024 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bound write vulnerability in libIfaaCa prior to SMR Dec-2023 Release 1 allows local system attackers to execute arbitrary code.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • Next
Details not found