CVE-2021-39373

HIGH

Samsung Drive Manager - Insufficiently Protected Credentials

Title source: rule

Description

Samsung Drive Manager 2.0.104 on Samsung H3 devices allows attackers to bypass intended access controls on disk management. WideCharToMultiByte, WideCharStr, and MultiByteStr can contribute to password exposure.

References (1)

[Exploit, Third Party Advisory] https://github.com/bosslabdcu/Vulnerability-Reporting/security/advisories/GHSA-j3f7-346q-97f4

Scores

CVSS v3 7.8

EPSS 0.0005

EPSS Percentile 14.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-522

Status published

Affected Products (1)

samsung/drive_manager

Timeline

Published Sep 01, 2021

Tracked Since Feb 18, 2026