Incorrect authorization in Samsung Internet
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2022-39873 |
| CWE-ID | CWE-863 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Samsung Internet Mobile applications / Apps for mobile phones |
| Vendor | Samsung |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Incorrect authorization
EUVDB-ID: #VU68334
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-39873
CWE-ID:
CWE-863 - Incorrect Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to bypass authorization checks.
The vulnerability exists due to unprotected receiver in AtBroadcastReceiver. An attacker with physical access can add bookmarks in secret mode without user authentication.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSamsung Internet: before 18.0.4.14
CPE2.3 External linkshttps://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=10
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to perform certain actions on the device.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
