CVE-2024-34661

MEDIUM

Samsung Assistant < 9.1.00.7 - Unauthenticated Location Data Exposure via Insufficient Permissions

Title source: llm

Description

Improper handling of insufficient permissions in Samsung Assistant prior to version 9.1.00.7 allows remote attackers to access location data. User interaction is required for triggering this vulnerability.

References (1)

Core 1

Core References

Vendor Advisory

https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=09

Scores

CVSS v3 4.3

EPSS 0.0040

EPSS Percentile 60.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-276

Status published

Products (1)

samsung/assistant < 9.1.00.7

Published Sep 04, 2024

Tracked Since Feb 18, 2026