CVE-2021-39373

Published: Sep 1, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Samsung Drive Manager 2.0.104 on Samsung H3 devices allows attackers to bypass intended access controls on disk management. WideCharToMultiByte, WideCharStr, and MultiByteStr can contribute to password exposure.

Affected (1)

Products: Samsung: Drive Manager

Samsung

1 product

Drive Manager

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Samsung Drive Manager	Version 2.0.104

Running on/with	Platform Versions
Samsung H3	All versions

Related CWEs

CWE-522

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (2)

https://github.com/bosslabdcu/Vulnerability-Reporting/security/advisories/GHSA-j3f7-346q-97f4

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/bosslabdcu/Vulnerability-Reporting/security/advisories/GHSA-j3f7-346q-97f4

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.