| CVE ID | |
| CVSS SCORE | 8.8, AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| AFFECTED VENDORS |
Samsung |
| AFFECTED PRODUCTS |
Galaxy S21 |
| VULNERABILITY DETAILS |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S21 phones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Galaxy Store. By manipulating client-side HTML, an attacker can redirect the web view to an arbitrary site. An attacker can leverage this vulnerability to execute code in the context of root. |
| ADDITIONAL DETAILS |
The patch was applied in server side on November 9th, 2021 |
| DISCLOSURE TIMELINE |
|
| CREDIT | Sam Thomas (@_s_n_t) of Pentest Ltd (@pentestltd) |
