CVE-2019-6742

CRITICAL

Samsung Galaxy S9 <1.4.20.2 - RCE

Title source: llm

Description

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to 1.4.20.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the GameServiceReceiver update mechanism. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7477.

References (1)

[Third Party Advisory, VDB Entry] https://www.zerodayinitiative.com/advisories/ZDI-19-255/

Scores

CVSS v3 9.8

EPSS 0.1921

EPSS Percentile 95.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-358

Status published

Products (1)

samsung/galaxy_s9_firmware < 1.4.20.2

Published Jun 03, 2019

Tracked Since Feb 18, 2026