Remote Unlock Vulnerability in Samsung Find My Mobile
CVE-2023-42571

7.6HIGH

Key Information:

Vendor: Samsung
Status: Find My Mobile
Vendor: CVE Published:; 5 December 2023

Summary

A vulnerability in Samsung’s Find My Mobile service allows a physical attacker to exploit the remote unlock feature. By resetting the Samsung Account password using SMS verification, an unauthorized individual can gain access to a device even if it has been lost. This issue affects versions prior to 7.3.13.4, underscoring the importance of securing account recovery options to prevent unauthorized access.

Affected Version(s)

Find My Mobile 7.3.13.4

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 5, 2023
Vulnerability Reserved
Sep 11, 2023