Zhang Qing

**Name of the Vulnerable Software and Affected Versions** Setupwizard versions prior to SMR May-2024 Release 1 **Description** The issue allows physical attackers to bypass authentication and skip the activation step. **Recommendations** For versions prior to SMR May-2024 Release 1, update to the SMR May-2024 Release 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Honor products (affected versions not specified) **Description** The issue is related to a signature management vulnerability. Successful exploitation could cause a forged system file to overwrite the correct system file. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Honor products (affected versions not specified) **Description** The issue concerns a signature management vulnerability. Successful exploitation could cause a forged system file to overwrite the correct system file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Honor products (affected versions not specified) **Description** The issue concerns a signature management vulnerability. Successful exploitation could cause a forged system file to overwrite the correct system file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Honor products (affected versions not specified) **Description** The issue is related to an information leak, where successful exploitation could cause the leak of information. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Honor products (affected versions not specified) **Description** The issue is related to an information leak, where successful exploitation could cause the leak of information. There is no mention of the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Honor products (affected versions not specified) **Description** The issue is related to incorrect privilege assignment, which could lead to device service exceptions if successfully exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Honor products (affected versions not specified) **Description** The issue is related to an information leak, where successful exploitation could cause the leak of information. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Honor products (affected versions not specified) **Description** The issue concerns a signature management vulnerability. Successful exploitation could cause a forged system file to overwrite the correct system file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Honor products (affected versions not specified) **Description** The issue concerns a signature management vulnerability. Successful exploitation could cause a forged system file to overwrite the correct system file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Honor products (affected versions not specified) **Description** The issue is related to an information leak, where successful exploitation could cause the leak of information. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Samsung Data Store versions prior to 5.2.00.7 **Description** The issue is related to improper handling of insufficient permissions or privileges, allowing remote attackers to access location information without permission. **Recommendations** For versions prior to 5.2.00.7, update to version 5.2.00.7 or later to resolve the issue. As a temporary workaround, consider restricting access to location information until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Samsung Account versions prior to 14.5.00.7 **Description** The issue concerns the use of implicit intent for sensitive communication in the startAgreeToDisclaimerActivity function within Samsung Account. This allows attackers to access arbitrary files with Samsung Account privileges. **Recommendations** For versions prior to 14.5.00.7, update to version 14.5.00.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Samsung Cloud versions prior to 5.3.0.32 **Description** The issue is related to improper access control in Samsung Cloud, allowing local attackers to access information with Samsung Cloud's privilege via implicit intent. **Recommendations** For versions prior to 5.3.0.32, update to version 5.3.0.32 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information stored in Samsung Cloud until the update is applied.

**Name of the Vulnerable Software and Affected Versions** imsservice application prior to SMR Oct-2022 Release 1 **Description** The issue is related to improper access control in the imsservice application, allowing local attackers to access call information. **Recommendations** For versions prior to SMR Oct-2022 Release 1, update to SMR Oct-2022 Release 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** libapexjni.media.samsung.so versions prior to SMR Sep-2022 Release 1 **Description** The issue is related to an out of bound read in the libapexjni.media.samsung.so library, which allows an attacker to access unauthorized information. **Recommendations** For versions prior to SMR Sep-2022 Release 1, update to the SMR Sep-2022 Release 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Find My Mobile versions prior to 7.2.24.12 **Description** The issue allows local attackers with log access permission to obtain SIM card information through device logs. This is due to a sensitive information exposure vulnerability in the SimChangeAlertManger component. **Recommendations** For versions prior to 7.2.24.12, update to version 7.2.24.12 or later to resolve the issue. As a temporary workaround, consider restricting log access permission to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Property module (affected versions not specified) **Description** The issue concerns a vulnerability in permission control within the Property module. This vulnerability can be exploited to obtain the unique device identifier. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Smartphone (affected versions not specified) **Description** The issue is related to configuration defects in smartphones, which can lead to elevated MEID (IMEI) permission upon successful exploitation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Smartphones (affected versions not specified) **Description** The issue concerns unauthorized file access, which may impact service confidentiality upon successful exploitation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.