Remote attackers can enable JavaScript in webview due to insufficient url authenticity verification
CVE-2024-49418

6.5MEDIUM

Key Information:

Vendor
Samsung
Status
Gaminghub
Vendor
CVE Published:
3 December 2024

Summary

Insufficient verification of url authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.02.4 in Global allows remote attackers to enable JavaScript in its webview.

Affected Version(s)

GamingHub 6.1.03.4 in Korea, 7.1.02.4 in Global

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.