CVE-2021-25343

MEDIUM

Samsung Members <2.4.81.13-3.8.00.13 - DoS

Title source: llm
STIX 2.1

Description

Calling of non-existent provider in Samsung Members prior to version 2.4.81.13 (in Android O(8.1) and below) and 3.8.00.13 (in Android P(9.0) and above) allows unauthorized actions including denial of service attack by hijacking the provider.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_misc
https://security.samsungmobile.com/
Vendor Advisory x_refsource_confirm
https://security.samsungmobile.com/serviceWeb.smsb

Scores

CVSS v3 4.0
EPSS 0.0005
EPSS Percentile 17.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Details

CWE
CWE-287
Status published
Products (1)
samsung/members < 2.4.81.13
Published Mar 04, 2021
Tracked Since Feb 18, 2026