CVE-2021-25354

Description

Improper input check in Samsung Internet prior to version 13.2.1.46 allows attackers to launch non-exported activity in Samsung Browser via malicious deeplink.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Affected products

Samsung Mobile / Samsung Internetunspecified – 13.2.1.46

References

MISChttps://security.samsungmobile.com/
MISChttps://security.samsungmobile.com/serviceWeb.smsb