← back
CVE-2021-25374

CVE-2021-25374

CVSS 8.6 HIGHEPSS 3.1%CWE-285
An improper authorization vulnerability in Samsung Members "samsungrewards" scheme for deeplink in versions 2.4.83.9 in Android O(8.1) and below, and 3.9.00.9 in Android P(9.0) and above allows remote attackers to access a user data related with Samsung Account.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Affected products
Samsung Mobile · Samsung Members

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://security.samsungmobile.com/https://security.samsungmobile.com/serviceWeb.smsb