Improper Access Control in Samsung SLocation Allows Unauthorized Location Information Access
CVE-2023-21470

4MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Devices
Vendor: CVE Published:; 3 September 2025

What is CVE-2023-21470?

An improper access control vulnerability in Samsung's SLocation prior to the SMR April 2022 Release 1 enables local attackers to exploit the system, allowing them to access sensitive device location information through the com.samsung.android.wifi.NETWORK_LOCATION action. This flaw underscores the importance of securing application permissions to prevent unauthorized access to user data.

Affected Version(s)

Samsung Mobile Devices SMR Apr-2023 Release in Android 11, 12, 13

References

https://security.samsungmobile.com/securityUpdate.smsb?ye...

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 3, 2025
Vulnerability Reserved
Nov 14, 2022