Calling of non-existent provider in Samsung Members prior to version 2.4.81.13 (in Android O(8.1) and below) and 3.8.00.13 (in Android P(9.0) and above) allows unauthorized actions including denial of service attack by hijacking the provider.
References
Link | Resource |
---|---|
https://security.samsungmobile.com/ | Vendor Advisory |
https://security.samsungmobile.com/serviceWeb.smsb | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
History
No history.
Information
Published : 2021-03-04 22:15
Updated : 2024-02-28 18:08
NVD link : CVE-2021-25343
Mitre link : CVE-2021-25343
CVE.ORG link : CVE-2021-25343
JSON object : View
Products Affected
samsung
- members
- android
CWE
CWE-287
Improper Authentication