Arbitrary File Write Vulnerability in Galaxy Store Prior to Version 4.5.71.8
CVE-2024-20870

5.1MEDIUM

Key Information:

Vendor: Samsung
Status: Galaxy Store
Vendor: CVE Published:; 7 May 2024

What is CVE-2024-20870?

Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.71.8 allows local attackers to write arbitrary files with the privilege of Galaxy Store.

Affected Version(s)

Galaxy Store 4.5.71.8

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 7, 2024
Vulnerability Reserved
Dec 5, 2023

Samsung

What is CVE-2024-20870?

Affected Version(s)

References

CVSS V3.1

Timeline