CVE-2024-49404

Published: Nov 6, 2024Modified: Nov 13, 2024

4.6

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 0.9 / Impact: 3.6

Source: NVD

Description

Improper Access Control in Samsung Video Player prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows physical attackers to access video file of other users.

Affected (3)

Products: Samsung: Video Player

Samsung

1 product

Video Player

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Samsung Video Player	Before 7.3.29.1

Running on/with	Platform Versions
Samsung Android	Version 12.0

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Samsung Video Player	Before 7.3.36.1

Running on/with	Platform Versions
Samsung Android	Version 13.0

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Samsung Video Player	Before 7.3.41.230

Running on/with	Platform Versions
Samsung Android	Version 14.0

References (1)

https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=11

Source: mobile.security@samsung.com

Vendor Advisory

Timeline

No history available yet.