PT-2014-8480 · Samsung · Samsung Mobile Devices

Published

2014-10-24

Updated

2014-10-24

CVE-2014-8346

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Samsung mobile devices (affected versions not specified)

Description The issue concerns the Remote Controls feature on Samsung mobile devices, which fails to validate the source of lock-code data received over a network. This makes it easier for remote attackers to cause a denial of service by locking the screen with an arbitrary code, triggered by unexpected Find My Mobile network traffic.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2014-8346

Affected Products

Samsung Mobile Devices

PT-2014-8480 · Samsung · Samsung Mobile Devices

CVE-2014-8346

Weakness Enumeration

Related Identifiers

Affected Products

References · 3