CVE-2024-20870

Published: May 7, 2024Modified: Jul 17, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.71.8 allows local attackers to write arbitrary files with the privilege of Galaxy Store.

Affected (1)

Products: Samsung: Galaxy Store

Samsung

1 product

Galaxy Store

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Samsung Galaxy Store	Before 4.5.71.8

References (2)

https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=05

Source: mobile.security@samsung.com

Vendor Advisory

https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=05

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.