Physical Attackers Can Access Other Users' Video Files via Improper Access Control in Samsung Video Player

CVE-2024-49404

4.6MEDIUM

Key Information

Vendor
Samsung
Status
Samsung Video Player
Vendor
CVE Published:
6 November 2024

Summary

Improper Access Control in Samsung Video Player prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows physical attackers to access video file of other users.

Affected Version(s)

Samsung Video Player <= 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14

Refferences

CVSS V3.1

Score:
4.6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.