Quick Share
CVE-2024-49421
MEDIUM
Severity by source
AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary rating from Vendor (samsung) · only source for this CVE.
CVSS VectorVendor: samsung
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
1DescriptionCVE.org
Path traversal in Quick Share Agent prior to version 3.5.14.47 in Android 12, 3.5.19.41 in Android 13, and 3.5.19.42 in Android 14 allows adjacent attackers to write file in arbitrary location.
AnalysisAI
Path traversal in Quick Share Agent prior to version 3.5.14.47 in Android 12, 3.5.19.41 in Android 13, and 3.5.19.42 in Android 14 allows adjacent attackers to write file in arbitrary location. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. Path traversal in Quick Share Agent prior to version 3.5.14.47 in Android 12, 3.5.19.41 in Android 13, and 3.5.19.42 in Android 14 allows adjacent attackers to write file in arbitrary location. Affected products include: Samsung Quick Share. Version information: version 3.5.14.47.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.
More in Quick Share
View allThere exists an auth bypass in Google Quickshare where an attacker can upload an unknown file type to a victim. Rated me
Improper access control vulnerability in Quick Share prior to 13.5.52.0 allows local attacker to access local files. Rat
Improper access control vulnerability in Quick Share prior to version 13.1.2.4 allows attacker to access internal files
Improper access control vulnerability in QuickShare prior to version 13.2.3.5 allows attackers to access sensitive infor
The sensitive information exposure vulnerability in Quick Share Agent prior to versions 3.5.14.18 in Android 12 and 3.5.
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today