Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for GamingHub by Samsung Mobile

    CVE-2024-49420 (GCVE-0-2024-49420)

    Vulnerability from nvd – Published: 2024-12-03 05:48 – Updated: 2024-12-03 14:29
    VLAI
    Summary
    Improper handling of responses in GamingHub prior to version 6.1.04.6 in Korea, 7.1.03.7 in Global allows remote attackers to launch arbitrary activity.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1287 - Improper Validation of Specified Type of Input
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile GamingHub Unaffected: 6.1.04.6 in Korea, 7.1.03.7 in Global
    Create a notification for this product.
    samsung_mobile gaming_hub Unaffected: 6.1.04.6 in Korea, 7.1.03.7 in Global
        cpe:2.3:a:samsung_mobile:gaming_hub:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:samsung_mobile:gaming_hub:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gaming_hub",
                "vendor": "samsung_mobile",
                "versions": [
                  {
                    "status": "unaffected",
                    "version": "6.1.04.6 in Korea, 7.1.03.7 in Global"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-49420",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-03T14:25:50.468381Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-03T14:29:58.864Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "GamingHub",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "6.1.04.6 in Korea, 7.1.03.7 in Global"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper handling of responses in GamingHub prior to version 6.1.04.6 in Korea, 7.1.03.7 in Global allows remote attackers to launch arbitrary activity."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-1287: Improper Validation of Specified Type of Input",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-03T05:48:05.296Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024\u0026month=12"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2024-49420",
        "datePublished": "2024-12-03T05:48:05.296Z",
        "dateReserved": "2024-10-15T05:26:08.661Z",
        "dateUpdated": "2024-12-03T14:29:58.864Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-49419 (GCVE-0-2024-49419)

    Vulnerability from nvd – Published: 2024-12-03 05:48 – Updated: 2024-12-03 11:43
    VLAI
    Summary
    Insufficient verification of url authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.02.4 in Global allows remote attackers to load an arbitrary URL in its webview.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile GamingHub Unaffected: 6.1.03.4 in Korea, 7.1.02.4 in Global
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-49419",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-03T11:33:44.182788Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-03T11:43:44.738Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "GamingHub",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "6.1.03.4 in Korea, 7.1.02.4 in Global"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Insufficient verification of url authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.02.4 in Global allows remote attackers to load an arbitrary URL in its webview."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-03T05:48:04.036Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024\u0026month=12"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2024-49419",
        "datePublished": "2024-12-03T05:48:04.036Z",
        "dateReserved": "2024-10-15T05:26:08.660Z",
        "dateUpdated": "2024-12-03T11:43:44.738Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-49418 (GCVE-0-2024-49418)

    Vulnerability from nvd – Published: 2024-12-03 05:48 – Updated: 2024-12-03 11:43
    VLAI
    Summary
    Insufficient verification of url authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.02.4 in Global allows remote attackers to enable JavaScript in its webview.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile GamingHub Unaffected: 6.1.03.4 in Korea, 7.1.02.4 in Global
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-49418",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-03T11:33:50.707458Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-03T11:43:44.884Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "GamingHub",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "6.1.03.4 in Korea, 7.1.02.4 in Global"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Insufficient verification of url authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.02.4 in Global allows remote attackers to enable JavaScript in its webview."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-03T05:48:02.786Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024\u0026month=12"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2024-49418",
        "datePublished": "2024-12-03T05:48:02.786Z",
        "dateReserved": "2024-10-15T05:26:08.660Z",
        "dateUpdated": "2024-12-03T11:43:44.884Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-49420 (GCVE-0-2024-49420)

    Vulnerability from cvelistv5 – Published: 2024-12-03 05:48 – Updated: 2024-12-03 14:29
    VLAI
    Summary
    Improper handling of responses in GamingHub prior to version 6.1.04.6 in Korea, 7.1.03.7 in Global allows remote attackers to launch arbitrary activity.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1287 - Improper Validation of Specified Type of Input
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile GamingHub Unaffected: 6.1.04.6 in Korea, 7.1.03.7 in Global
    Create a notification for this product.
    samsung_mobile gaming_hub Unaffected: 6.1.04.6 in Korea, 7.1.03.7 in Global
        cpe:2.3:a:samsung_mobile:gaming_hub:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:samsung_mobile:gaming_hub:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gaming_hub",
                "vendor": "samsung_mobile",
                "versions": [
                  {
                    "status": "unaffected",
                    "version": "6.1.04.6 in Korea, 7.1.03.7 in Global"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-49420",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-03T14:25:50.468381Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-03T14:29:58.864Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "GamingHub",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "6.1.04.6 in Korea, 7.1.03.7 in Global"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper handling of responses in GamingHub prior to version 6.1.04.6 in Korea, 7.1.03.7 in Global allows remote attackers to launch arbitrary activity."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-1287: Improper Validation of Specified Type of Input",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-03T05:48:05.296Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024\u0026month=12"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2024-49420",
        "datePublished": "2024-12-03T05:48:05.296Z",
        "dateReserved": "2024-10-15T05:26:08.661Z",
        "dateUpdated": "2024-12-03T14:29:58.864Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-49419 (GCVE-0-2024-49419)

    Vulnerability from cvelistv5 – Published: 2024-12-03 05:48 – Updated: 2024-12-03 11:43
    VLAI
    Summary
    Insufficient verification of url authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.02.4 in Global allows remote attackers to load an arbitrary URL in its webview.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile GamingHub Unaffected: 6.1.03.4 in Korea, 7.1.02.4 in Global
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-49419",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-03T11:33:44.182788Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-03T11:43:44.738Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "GamingHub",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "6.1.03.4 in Korea, 7.1.02.4 in Global"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Insufficient verification of url authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.02.4 in Global allows remote attackers to load an arbitrary URL in its webview."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-03T05:48:04.036Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024\u0026month=12"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2024-49419",
        "datePublished": "2024-12-03T05:48:04.036Z",
        "dateReserved": "2024-10-15T05:26:08.660Z",
        "dateUpdated": "2024-12-03T11:43:44.738Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-49418 (GCVE-0-2024-49418)

    Vulnerability from cvelistv5 – Published: 2024-12-03 05:48 – Updated: 2024-12-03 11:43
    VLAI
    Summary
    Insufficient verification of url authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.02.4 in Global allows remote attackers to enable JavaScript in its webview.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile GamingHub Unaffected: 6.1.03.4 in Korea, 7.1.02.4 in Global
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-49418",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-03T11:33:50.707458Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-03T11:43:44.884Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "GamingHub",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "6.1.03.4 in Korea, 7.1.02.4 in Global"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Insufficient verification of url authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.02.4 in Global allows remote attackers to enable JavaScript in its webview."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-03T05:48:02.786Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024\u0026month=12"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2024-49418",
        "datePublished": "2024-12-03T05:48:02.786Z",
        "dateReserved": "2024-10-15T05:26:08.660Z",
        "dateUpdated": "2024-12-03T11:43:44.884Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }