Vulnerabilities in Samsung Mobile

1,316 results
Vexday analysis

Samsung Mobile has accumulated 1,316 cataloged CVEs, 13 of them confirmed as actively exploited in the CISA KEV catalog. That rate is 2.2 times above the overall catalog average, which indicates significant operational exposure and calls for priority attention in patch management. The most frequent weakness type is CWE-20 (improper input validation), suggesting systematic weaknesses in the handling of external data that tend to create broad attack surfaces. The most dangerous CVE currently under active exploitation is CVE-2025-21042, with an EPSS score of 0.1161, while 34 new vulnerabilities appeared in the last 90 days, signaling a continuous pace of discovery that demands frequent monitoring. With only 3 CVEs accompanied by a public PoC and a maximum observed EPSS of 0.1289, the risk of immediate mass exploitation is moderate, but the combination of confirmed active flaws and a growing volume of new entries justifies short firmware update cycles in corporate environments.

CVE-2022-30726 | MEDIUM | Unprotected component vulnerability in DeviceSearchTrampoline in SecSettingsIntelligence prior to SMR Jun-2022 Release 1 allows local attack | EPSS 0.1%
CVE-2022-27831 | LOW | Improper boundary check in sflvd_rdbuf_bits of libsflvextractor prior to SMR Apr-2022 Release 1 allows attackers to read out of bounds memor | EPSS 0.1%
CVE-2022-33698 | LOW | Exposure of Sensitive Information in Telecom application prior to SMR Jul-2022 Release 1 allows local attackers to access ICCID via log. | EPSS 0.1%
CVE-2022-30757 | MEDIUM | Improper authorization in isemtelephony prior to SMR Jul-2022 Release 1 allows attacker to obtain CID without ACCESS_FINE_LOCATION permissio | EPSS 0.1%
CVE-2021-25486 | LOW | Exposure of information vulnerability in ipcdump prior to SMR Oct-2021 Release 1 allows an attacker detect device information via analyzing | EPSS 0.1%
CVE-2022-33697 | LOW | Sensitive information exposure vulnerability in ImsServiceSwitchBase in ImsCore prior to SMR Jul-2022 Release 1 allows local attackers with | EPSS 0.1%
CVE-2022-33694 | MEDIUM | Exposure of Sensitive Information in CSC application prior to SMR Jul-2022 Release 1 allows local attacker to access wifi information via un | EPSS 0.1%
CVE-2022-33696 | MEDIUM | Exposure of Sensitive Information in Telephony service prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via lo | EPSS 0.1%
CVE-2025-21061 | HIGH | Cleartext storage of sensitive information in Smart Switch prior to version 3.7.67.2 allows local attackers to access sensitive data. User i | EPSS 0.1%
CVE-2022-28786 | MEDIUM | Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible tempo | EPSS 0.1%
CVE-2026-21020 | MEDIUM | Improper export of android application components in OmaCP prior to SMR May-2026 Release 1 allows local attackers to trigger privileged func | EPSS 0.1%
CVE-2021-25481 | MEDIUM | An improper error handling in Exynos CP booting driver prior to SMR Oct-2021 Release 1 allows local attackers to bypass a Secure Memory Prot | EPSS 0.1%
CVE-2022-28785 | MEDIUM | Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible tempo | EPSS 0.1%
CVE-2022-28788 | MEDIUM | Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible tempo | EPSS 0.1%
CVE-2022-36854 | MEDIUM | Out of bound read in libapexjni.media.samsung.so prior to SMR Sep-2022 Release 1 allows attacker access unauthorized information. | EPSS 0.1%
CVE-2026-21030 | MEDIUM | Improper access control in MediaTek Audio HAL prior to SMR Jun-2026 Release 1 allows local attackers to trigger privileged functions. | EPSS 0.1%
CVE-2022-39880 | HIGH | Improper input validation vulnerability in DualOutFocusViewer prior to SMR Nov-2022 Release 1 allows local attacker to perform an arbitrary | EPSS 0.1%
CVE-2025-21062 | HIGH | Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.67.2 allows local attackers to replace the restoring a | EPSS 0.1%
CVE-2022-28787 | MEDIUM | Improper buffer size check logic in wmfextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible tempo | EPSS 0.1%
CVE-2026-21026 | MEDIUM | Improper export of android application components in SpriteWallpaper prior to SMR Jun-2026 Release 1 allows local attackers to access to sen | EPSS 0.1%