CVE-2023-42579

MEDIUM

Samsung Keyboard < 5.3.70.1 - Cleartext Transmission of Sensitive Information via HTTP

Title source: llm
STIX 2.1

Description

Improper usage of insecure protocol (i.e. HTTP) in SogouSDK of Chinese Samsung Keyboard prior to versions 5.3.70.1 in Android 11, 5.4.60.49, 5.4.85.5, 5.5.00.58 in Android 12, and 5.6.00.52, 5.6.10.42, 5.7.00.45 in Android 13 allows adjacent attackers to access keystroke data using Man-in-the-Middle attack.

References (1)

Core 1

Scores

CVSS v3 6.5
EPSS 0.0017
EPSS Percentile 6.7%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-319
Status published
Products (1)
samsung/samsung_keyboard < 5.3.70.1
Published Dec 05, 2023
Tracked Since Feb 18, 2026