CVE-2021-25337

MEDIUM KEV

Samsung mobile <SMR Mar-2021 Release 1 - Info Disclosure

Title source: llm

Description

Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files.

Exploits (1)

nomisec WORKING POC
by CrisZalSa · poc
https://github.com/CrisZalSa/JustALampNothingElse

References (3)

Scores

CVSS v3 4.4
EPSS 0.0080
EPSS Percentile 74.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Details

CISA KEV 2022-11-08
VulnCheck KEV 2020-11-03
InTheWild.io 2020-11-03
ENISA EUVD EUVD-2021-12233
CWE
CWE-269
Status published
Products (3)
samsung/android 9.0 smr-apr-2019-r1 (29 CPE variants)
samsung/android 10.0 smr-apr-2020-r1 (16 CPE variants)
samsung/android 11.0 smr-dec-2020-r1 (3 CPE variants)
Published Mar 04, 2021
KEV Added Nov 08, 2022
Tracked Since Feb 18, 2026