PT-2023-28441 · Samsung · Find My Mobile

Ademar Nowasky Junior

Publicado

2023-12-04

Atualizado

2023-12-11

CVE-2023-42571

CVSS v3.1

7.6

Alta

Vetor

AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Find My Mobile versions prior to 7.3.13.4

Description The issue allows a physical attacker to unlock a device remotely by resetting the Samsung Account password with SMS verification when the user has lost the device. This is possible due to the abuse of remote unlock in Find My Mobile.

Recommendations For versions prior to 7.3.13.4, update to version 7.3.13.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the remote unlock feature in Find My Mobile until the update is applied.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2023-42571

Produtos afetados

Find My Mobile

PT-2023-28441 · Samsung · Find My Mobile

CVE-2023-42571

Identificadores relacionados

Produtos afetados

Referências · 5