Unauthorized Access Vulnerability in Samsung Members Application
CVE-2021-25343

4MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Members
Vendor: CVE Published:; 4 March 2021

Summary

A vulnerability in the Samsung Members application allows unauthorized actions, including the potential for denial of service attacks. This issue arises when the application attempts to call a non-existent provider, which can be hijacked by malicious actors. Users of Samsung Members versions prior to 2.4.81.13 on Android O and 3.8.00.13 on Android P are particularly at risk, highlighting the importance of keeping software up to date for optimal security.

Affected Version(s)

Samsung Members Android O(8.1) and below < 2.4.81.13

Samsung Members Android P(9.0) and above < 3.8.00.13

References

https://security.samsungmobile.com/

x_refsource_MISC

https://security.samsungmobile.com/serviceWeb.smsb

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 4, 2021
Vulnerability Reserved
Jan 19, 2021