Localh0Ster

**Name of the Vulnerable Software and Affected Versions** Bluetooth versions prior to SMR Apr-2026 Release 1 **Description** Incorrect privilege assignment in Bluetooth when in Maintenance mode allows physical attackers to bypass Extend Unlock. **Recommendations** Update to SMR Apr-2026 Release 1.

**Name of the Vulnerable Software and Affected Versions** Citrix Emergency Sharing versions prior to SMR Feb-2026 Release 1 **Description** An improper access control issue exists in Emergency Sharing. This allows local attackers to interrupt the functionality of the service. **Recommendations** Update to SMR Feb-2026 Release 1 or later.

**Name of the Vulnerable Software and Affected Versions** Galaxy Watch versions prior to SMR Oct-2025 Release 1 **Description** An issue exists with the insecure storage of sensitive information in Galaxy Watch. Local attackers may be able to access sensitive information. **Recommendations** Update to SMR Oct-2025 Release 1 or later.

**Name of the Vulnerable Software and Affected Versions** ContactProvider versions prior to SMR Sep-2025 Release 1 **Description** Improper access control in ContactProvider allows local attackers to access sensitive information. **Recommendations** Update ContactProvider to SMR Sep-2025 Release 1 or later.

**Name of the Vulnerable Software and Affected Versions** Galaxy Watch versions prior to SMR Aug-2025 Release 1 **Description** Improper access control in the fall detection feature allows local attackers to modify the fall detection configuration. **Recommendations** Update to SMR Aug-2025 Release 1 or later.

**Name of the Vulnerable Software and Affected Versions** versions prior to SMR Aug-2025 Release 1 **Description** An improper access control issue exists in accessing a system device node. This allows local attackers to access the device identifier. **Recommendations** Update to SMR Aug-2025 Release 1 or later.

**Name of the Vulnerable Software and Affected Versions** Galaxy Watch versions prior to SMR Aug-2025 Release 1 **Description** Improper access control in `SemSensorService` allows local attackers to access sensitive information related to motion and body sensors. **Recommendations** Update Galaxy Watch to SMR Aug-2025 Release 1 or later.

**Name of the Vulnerable Software and Affected Versions** Galaxy Wearable versions prior to 2.2.63.25042861 **Description** Improper access control in Galaxy Wearable allows local attackers to access sensitive information. **Recommendations** Update Galaxy Wearable to version 2.2.63.25042861 or later.

**Name of the Vulnerable Software and Affected Versions** Emergency SoS versions prior to SMR Aug-2025 Release 1 **Description** An improper export of an Android application component in Emergency SoS allows local attackers to access sensitive information. **Recommendations** Update Emergency SoS to SMR Aug-2025 Release 1 or later.

**Name of the Vulnerable Software and Affected Versions** Galaxy Watch versions prior to SMR Aug-2025 Release 1 **Description** Improper access control in SemSensorManager allows local attackers to access sensitive information related to outdoor exercise and sleep time. **Recommendations** Update Galaxy Watch to SMR Aug-2025 Release 1 or later.

Name of the Vulnerable Software and Affected Versions: Galaxy Watch versions prior to SMR Jul-2025 Release 1 Description: The issue is related to improper verification of intent by the broadcast receiver in the System UI for Galaxy Watch. This allows local attackers to power off the device. Recommendations: For Galaxy Watch versions prior to SMR Jul-2025 Release 1, as a temporary workaround, consider restricting access to the broadcast receiver in the System UI to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SamsungAccount for Galaxy Watch versions prior to SMR Jul-2025 Release 1 Description: The issue is related to improper access control in SamsungAccount for Galaxy Watch, allowing local attackers to access the phone number. Recommendations: For versions prior to SMR Jul-2025 Release 1, update to SMR Jul-2025 Release 1 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Galaxy Tablet versions prior to SMR Jul-2025 Release 1 Description: The issue concerns improper authorization for accessing saved Wi-Fi passwords on Galaxy Tablet devices. This allows secondary users to access the owner's saved Wi-Fi password. Recommendations: For Galaxy Tablet versions prior to SMR Jul-2025 Release 1, as a temporary workaround, consider restricting access to the Wi-Fi settings until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ScreenCapture for Galaxy Watch versions prior to SMR Jun-2025 Release 1 **Description** The issue is related to improper access control, allowing local attackers to take screenshots. This could potentially lead to unauthorized access to sensitive information displayed on the screen. **Recommendations** For versions prior to SMR Jun-2025 Release 1, as a temporary workaround, consider restricting access to the ScreenCapture function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to SMR Jun-2025 Release 1 **Description** The issue concerns the improper export of Android application components in Bluetooth, allowing local attackers to make devices discoverable. **Recommendations** For Android versions prior to SMR Jun-2025 Release 1, update to SMR Jun-2025 Release 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Samsung Cloud for Galaxy Watch versions prior to SMR Jun-2025 Release 1 **Description** The issue is related to an incorrect default permission setting in Samsung Cloud for Galaxy Watch, allowing local attackers to access data. This could potentially expose sensitive information. **Recommendations** For versions prior to SMR Jun-2025 Release 1, update to SMR Jun-2025 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive data stored in Samsung Cloud for Galaxy Watch until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Galaxy Watch versions prior to SMR May-2025 Release 1 **Description** The issue concerns the improper export of Android application components in the Settings of the Galaxy Watch, allowing physical attackers to access developer settings. **Recommendations** For Galaxy Watch versions prior to SMR May-2025 Release 1, update to SMR May-2025 Release 1 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Bluetooth versions prior to SMR Jul-2025 Release 1 Description: The issue concerns improper privilege management in Bluetooth, allowing local attackers to enable Bluetooth. This could potentially lead to unauthorized access or control. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. Recommendations: For versions prior to SMR Jul-2025 Release 1, update to the SMR Jul-2025 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting Bluetooth functionality until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Smart View versions prior to Android 16 **Description** The use of implicit intents for sensitive communication allows local attackers to access sensitive information. **Recommendations** Update Smart View to Android 16 or later.

**Name of the Vulnerable Software and Affected Versions** Galaxy Watch WcsExtension versions prior to Android Watch 16 **Description** An improper access control issue exists in WcsExtension for Galaxy Watch. This allows local attackers to access sensitive information. **Recommendations** Update to Android Watch 16 or later to resolve this issue.