Improper Authorization in Samsung Internet Affects User Data Access
CVE-2023-30704

3.8LOW

Key Information:

Vendor: Samsung
Status: Samsung Internet
Vendor: CVE Published:; 10 August 2023

What is CVE-2023-30704?

An improper authorization vulnerability exists in Samsung Internet that can be exploited by physical attackers. Prior to version 22.0.0.35, this flaw enables unauthorized access to files downloaded in Secret Mode without requiring user authentication. This security gap can lead to sensitive information exposure, highlighting the importance of updating to the latest version to mitigate potential risks.

Affected Version(s)

Samsung Internet 22.0.0.35

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

CVSS V3.1

Score:

3.8

Severity:

LOW

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Physical

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 10, 2023
Vulnerability Reserved
Apr 14, 2023