Improper Access Control in Samsung Voice Recorder
CVE-2024-20839

4.6MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Voice Recorder
Vendor: CVE Published:; 5 March 2024

Summary

An improper access control vulnerability exists in Samsung Voice Recorder versions before 21.5.16.01 for Android 12 and 13, as well as version 21.4.51.02 for Android 14. This flaw enables physical attackers who gain access to a locked device to retrieve audio recordings directly from the lock screen. Such exposure of sensitive recording files poses significant risks to user privacy and data security.

Affected Version(s)

Samsung Voice Recorder 21.5.16.01 in Android 12 and Android 13, 21.4.51.02 in Android 14

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 5, 2024
Vulnerability Reserved
Dec 5, 2023