CVE-2021-25343

Summary

Calling of non-existent provider in Samsung Members prior to version 2.4.81.13 (in Android O(8.1) and below) and 3.8.00.13 (in Android P(9.0) and above) allows unauthorized actions including denial of service attack by hijacking the provider.

Affected Software

VendorProductVersion RangeStatus
Samsung MobileSamsung MembersAndroid O(8.1) and below < 2.4.81.13affected
Samsung MobileSamsung MembersAndroid P(9.0) and above < 3.8.00.13affected

Weaknesses

  • CWE-287: CWE-287 Improper Authentication

ADP Enrichment

CVE Program Container

Additional References

References