CVE-2023-42571

HIGH

Find My Mobile <7.3.13.4 - Privilege Escalation

Title source: llm

Description

Abuse of remote unlock in Find My Mobile prior to version 7.3.13.4 allows physical attacker to unlock the device remotely by resetting the Samsung Account password with SMS verification when user lost the device.

References (1)

Core 1

Core References

Vendor Advisory

https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=12

Scores

CVSS v3 7.6

EPSS 0.0022

EPSS Percentile 44.9%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

Status published

Products (1)

samsung/find_my_mobile < 7.3.13.4

Published Dec 05, 2023

Tracked Since Feb 18, 2026