Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Local-only access with low privileges required; impact is limited to low confidentiality of connected device data with no integrity or availability consequence.
Primary rating from Vendor (samsung).
CVSS VectorVendor: samsung
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
Improper authorization in Samsung Health prior to version 7.00.0.107 allows local attackers to access connected device information.
AnalysisAI
Improper authorization in Samsung Health prior to version 7.00.0.107 exposes connected device information to local, low-privileged attackers on the same Android device. The flaw likely involves an improperly protected Android IPC mechanism - such as a content provider or broadcast receiver - that fails to enforce access controls over paired wearable or peripheral device data. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Requires local access to an Android device running Samsung Health prior to version 7.00.0.107, and the ability to execute code at low privilege level on that device (e.g., a sideloaded or malicious Play Store app). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 base score of 4.8 (Medium) accurately reflects the constrained risk profile. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A malicious third-party Android application installed on the victim's Samsung device - with only standard low-privilege permissions - queries Samsung Health's improperly protected data interface to enumerate paired Bluetooth wearables, such as Galaxy Watch device identifiers or pairing status. The attacker uses this information for device fingerprinting or to correlate the victim's health-related hardware. … |
| Remediation | Update Samsung Health to version 7.00.0.107 or later, available via the Galaxy Store or Google Play Store on affected Samsung Android devices. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Arbitrary file write as SYSTEM in Samsung MagicINFO 9 Server before version 21.1050 allows remote attackers to place att
Samsung MagicINFO 9 Server contains a path traversal vulnerability allowing unauthenticated attackers to write arbitrary
Multiple stack-based buffer overflows in the BackupToAvi method in the (1) UMS_Ctrl 1.5.1.1 and (2) UMS_Ctrl_STW 2.0.1.0
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_u
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to read arbitrary files via a request to an un
Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive informat
Buffer overflow in the PrepareSync method in the SyncService.dll ActiveX control in Samsung Kies before 2.5.1.12123_2_7
The Samsung D6000 TV and possibly other products allow remote attackers to cause a denial of service (continuous restart
The Samsung D6000 TV and possibly other products allows remote attackers to cause a denial of service (crash) via a long
The ConnectDDNS method in the (1) STWConfigNVR 1.1.13.15 and (2) STWConfig 1.1.14.13 ActiveX controls in Samsung NET-i v
Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary
Stack-based buffer overflow in the RequestScreenOptimization function in the XProcessControl.ocx ActiveX control in msls
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42826
GHSA-2qcr-4rxg-q25w