Vulnerabilities in Samsung Mobile

1,316 results
Vexday analysis

Samsung Mobile has 1,316 catalogued CVEs, 13 of which are confirmed as actively exploited in the CISA KEV, a rate 2.2 times above the overall catalogue average, which indicates significant operational exposure and calls for priority attention in patch management. The most recurrent weakness type is CWE-20 (improper input validation), suggesting systematic weaknesses in the handling of external data that tend to produce broad attack surfaces. The most dangerous CVE currently under active exploitation is CVE-2025-21042, with an EPSS score of 0.1161, while 34 new vulnerabilities appeared in the last 90 days, signalling a continuous pace of discovery that demands frequent monitoring. With only 3 CVEs accompanied by a public PoC and a maximum observed EPSS of 0.1289, the risk of immediate mass exploitation is moderate, but the combination of confirmed actively exploited flaws and a growing volume of new entries justifies short firmware update cycles in corporate environments.

CVE-2026-20993 | MEDIUM | Improper export of android application components in Samsung Assistant prior to version 9.3.10.7 allows local attacker to access saved infor | EPSS 0.1%
CVE-2023-21483 | MEDIUM | Improper Access Control vulnerability in Galaxy Store prior to version 4.5.53.6 allows local attacker to access protected data using exporte | EPSS 0.1%
CVE-2026-21024 | MEDIUM | Improper privilege management in Samsung System Support Service prior to version 8.0.8.0 allows local attackers to trigger privileged functi | EPSS 0.1%
CVE-2022-33689 | MEDIUM | Improper access control vulnerability in TelephonyUI prior to SMR Jul-2022 Release 1 allows attackers to change preferred network type by un | EPSS 0.1%
CVE-2022-30751 | LOW | Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to | EPSS 0.1%
CVE-2022-30750 | LOW | Improper access control vulnerability in updateLastConnectedClientInfo function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows at | EPSS 0.1%
CVE-2022-33717 | MEDIUM | A missing input validation before memory read in SEM TA prior to SMR Aug-2022 Release 1 allows local attackers to read out of bound memory. | EPSS 0.1%
CVE-2022-30752 | LOW | Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to | EPSS 0.1%
CVE-2022-33716 | LOW | An absence of variable initialization in ICCC TA prior to SMR Aug-2022 Release 1 allows local attacker to read uninitialized memory. | EPSS 0.1%
CVE-2022-28780 | MEDIUM | Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows that attackers can access location information that | EPSS 0.1%
CVE-2025-58481 | HIGH | Improper access control in MPRemoteService of MotionPhoto prior to version 4.1.51 allows local attackers to start privileged service. | EPSS 0.1%
CVE-2026-21034 | MEDIUM | Improper export of android application components in Samsung Auto prior to version 3.1.2.61 in Android 15 and 3.2.0.38 in Android 16 allows | EPSS 0.1%
CVE-2022-36849 | MEDIUM | Use after free vulnerability in sdp_mm_set_process_sensitive function of sdpmm driver prior to SMR Sep-2022 Release 1 allows attackers to pe | EPSS 0.1%
CVE-2022-36847 | MEDIUM | Use after free vulnerability in mtp_send_signal function of MTP driver prior to SMR Sep-2022 Release 1 allows attackers to perform malicious | EPSS 0.1%
CVE-2022-33729 | MEDIUM | Improper restriction of broadcasting Intent in ConfirmConnectActivity of NFC prior to SMR Aug-2022 Release 1 leaks MAC address of the connec | EPSS 0.1%
CVE-2022-30753 | LOW | Improper use of a unique device ID in unprotected SecSoterService prior to SMR Jul-2022 Release 1 allows local attackers to get the device I | EPSS 0.1%
CVE-2025-21072 | MEDIUM | Out-of-bounds write in decoding metadata in fingerprint trustlet prior to SMR Dec-2025 Release 1 allows local privileged attackers to write | EPSS 0.1%
CVE-2021-25388 | HIGH | Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 Release 1 allows attackers to install arbitrary app. | EPSS 0.1%
CVE-2022-39897 | MEDIUM | Exposure of Sensitive Information vulnerability in kernel prior to SMR Dec-2022 Release 1 allows attackers to access the kernel address info | EPSS 0.1%
CVE-2022-33728 | MEDIUM | Exposure of sensitive information in Bluetooth prior to SMR Aug-2022 Release 1 allows local attackers to access connected BT macAddress via | EPSS 0.1%