PT-2019-18301 · Samsung · Samsung Galaxy S9
Georgi Geshev
+1
·
Published
2019-03-05
·
Updated
2022-10-12
·
CVE-2019-6741
CVSS v3.1
9.3
Critical
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Samsung Galaxy S9 versions prior to January 2019 Security Update
Description
This issue allows remote attackers to execute arbitrary code on vulnerable installations. User interaction is required, where the target must connect to a wireless network. The flaw exists within the captive portal, specifically by manipulating HTML to force a page redirection. This can be leveraged to execute code in the context of the current process.
Recommendations
For Samsung Galaxy S9 versions prior to January 2019 Security Update, apply the January 2019 Security Update (SMR-JAN-2019) to resolve the issue. As a temporary workaround, consider avoiding connections to untrusted wireless networks to minimize the risk of exploitation.
Fix
Open Redirect
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Samsung Galaxy S9