PT-2023-28441 · Samsung · Find My Mobile

Ademar Nowasky Junior · Published 2023-12-04 · Updated 2023-12-11 · CVE-2023-42571

CVSS v3.1: 7.6 High

Vector: AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Find My Mobile versions prior to 7.3.13.4

Description

The issue allows a physical attacker to unlock a device remotely by resetting the Samsung Account password with SMS verification when the user has lost the device. This is possible due to the abuse of remote unlock in Find My Mobile.

Recommendations

For versions prior to 7.3.13.4, update to version 7.3.13.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the remote unlock feature in Find My Mobile until the update is applied.

Fix


Related Identifiers

CVE-2023-42571

Affected Products

Find My Mobile