CVE-2018-21039

HIGH

Samsung Android N(7.0) - Unauthenticated Lockscreen Bypass via Quick Tools Compass Feature

Title source: llm
STIX 2.1

Description

An issue was discovered on Samsung mobile devices with N(7.0) software. With the Location permission for the compass feature in Quick Tools (aka QuickTools), an attacker can bypass the lockscreen. The Samsung ID is SVE-2018-12053 (December 2018).

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
https://security.samsungmobile.com/securityUpdate.smsb

Scores

CVSS v3 7.5
EPSS 0.0041
EPSS Percentile 32.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-863
Status published
Products (1)
google/android 7.0
Published Apr 08, 2020
Tracked Since Feb 18, 2026