Improper authorization verification vulnerability in Samsung Internet prior to version 24.0 allows physical attackers to access files downloaded in SecretMode without proper authentication.
Improper access control in Samsung Voice Recorder prior to versions 21.5.16.01 in Android 12 and Android 13, 21.4.51.02 in Android 14 allows physical attackers to access recording files on the lock screen.
Out-of-bounds read vulnerability in bootloader prior to SMR June-2024 Release 1 allows physical attackers to arbitrary data access.
Improper access control vulnerability in Samsung Gallery prior to version 14.5.04.4 allows physical attackers to access the picture using physical keyboard on the lockscreen.
Improper access control vulnerability in Samsung DeX prior to SMR Jan-2024 Release 1 allows owner to access other users' notification in a multi-user environment.
Improper access control in Samsung Notes prior to version 4.4.26.71 allows physical attackers to access data across multiple user profiles.
Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows physical attackers to access data across multiple user profiles.
Improper access control in Samsung Email prior to version 6.1.97.1 allows physical attackers to access data across multiple user profiles.
Improper access control in SoundPicker prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles.
Improper access control in Samsung Message prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles.
Improper input validation in Samsung Members prior to version 5.2.00.12 allows physical attackers to access data across multiple user profiles.
Improper access control vulnerability in Nice Catch prior to SMR Dec-2022 Release 1 allows physical attackers to access contents of all toast generated in the application installed in Secure Folder through Nice Catch.
Improper access control vulnerability in Samsung pass prior to version 4.0.03.1 allow physical attackers to access data of Samsung pass on a certain state of an unlocked device.
Improper access control in Samsung Voice Recorder prior to version 21.5.40.37 allows physical attackers to access recording files on the lock screen.
Improper Authorization vulnerability in Samsung Internet prior to version 22.0.0.35 allows physical attacker access downloaded files in Secret Mode without user authentication.
Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass on a certain state of an unlocked device.
Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass.
Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2022 Release 1 allows attackers to get Wi-Fi SSID and password via a malicious QR code scanner.
Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to acess account list without authentication.
Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox.
A vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows physical attackers to perform brute force attack on screen lock password.
Abitrary file access vulnerability in Samsung Email prior to 6.1.60.16 allows attacker to read isolated data in sandbox.
Samsung Mobile Processor and Wearable Processor (Exynos 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, and W920) allow Information Disclosure in the Bootloader.
Improper export of android application components vulnerability in VideoPreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox.
Improper access control vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to access secured data in certain conditions.
Information disclosure vulnerability in Edge Panel prior to Android S(12) allows physical attackers to access screenshot in clipboard via Edge Panel.
Improper access control in Samsung Flow prior to version 4.9.15.7 allows physical attackers to access data across multiple user profiles.
Improper access control in Contacts prior to SMR Nov-2024 Release 1 allows physical attackers to access data across multiple user profiles.
On certain Samsung P(9.0) phones, an attacker with physical access can start a TCP Dump capture without the user's knowledge. This feature of the Service Mode application is available after entering the *#9900# check code, but is protected by an OTP password. However, this password is created locally and (due to mishandling of cryptography) can be obtained easily by reversing the password creation logic.
Implicit Intent hijacking vulnerability in Galaxy Wearable prior to version 2.2.50 allows attacker to get sensitive information.
Improper input validation in Dressroom prior to SMR Nov-2024 Release 1 allow physical attackers to access data across multiple user profiles.
Improper authentication in Private Info in Samsung Pass in prior to version 4.4.04.7 allows physical attackers to access sensitive information in a specific scenario.
Improper access control in Dex Mode prior to SMR Nov-2024 Release 1 allows physical attackers to temporarily access to unlocked screen.
Path Traversal in My Files prior to SMR Sep-2024 Release 1 allows physical attackers to access directories with My Files' privilege.
Improper Access Control in Samsung Video Player prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows physical attackers to access video file of other users.
Improper authorization vulnerability in semAddPublicDnsAddr in WifiSevice prior to SMR Jan-2023 Release 1 allows attackers to set custom DNS server without permission via binding WifiService.
Improper authorization vulnerability in ChnFileShareKit prior to SMR Jan-2023 Release 1 allows attacker to control BLE advertising without permission using unprotected action.
Improper Handling of Insufficient Permissions or Privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows attacker to modify network related values, network code, carrier id and operator brand.
Improper authorization verification vulnerability in AR Emoji prior to SMR Dec-2023 Release 1 allows attackers to read sandbox data of AR Emoji.
Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid flag setting.
Improper authorization verification vulnerability in Samsung Email prior to version 6.1.90.4 allows attackers to read sandbox data of email.
Improper authorization in PushClientProvider of Samsung Push Service prior to version 3.4.10 allows attacker to access unique id.
Information exposure vulnerability in Gear S Plugin prior to version 2.2.05.20122441 allows unstrusted applications to access connected BT device information.
Non-existent provider in Samsung Health prior to 6.19.1.0001 allows attacker to access it via malicious content provider or lead to denial of service.
An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. In the NAS Task, an improperly implemented security check for standard can disallow desired services for a while via consecutive NAS messages.
Improper authorization in accessing saved Wi-Fi password for Galaxy Tablet prior to SMR Jul-2025 Release 1 allows secondary users to access owner's saved Wi-Fi password.
Improper access control vulnerability in RCS call prior to SMR Dec-2022 Release 1 allows local attackers to access RCS incoming call number.
Exposure of Sensitive Information from an Unauthorized Actor vulnerability in Samsung DisplayManagerService prior to Android T(13) allows local attacker to access connected DLNA device information.
Exposure of Sensitive Information to an Unauthorized Actor in Persona Manager prior to Android T(13) allows local attacker to access user profiles information.
An improper access control vulnerability in Wi-Fi Service prior to SMR AUG-2022 Release 1 allows untrusted applications to manipulate the list of apps that can use mobile data.