CVE-2021-25333

LOW3.2Info disclosure

Description

Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen via scanning specific QR code.

CVSS breakdown

CVSS 3.1

Attack Vector

Physical

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

Low

Affected products

Samsung Mobile / Samsung Pay Miniunspecified – 4.0.14

References

MISChttps://security.samsungmobile.com
MISChttps://security.samsungmobile.com/serviceWeb.smsb