CVE-2023-21482
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-09-03
Last updated on: 2025-10-01
Assigner: Samsung Mobile
Description
Description
Missing authorization vulnerability in Camera prior to versions 11.1.02.18 in Android 11, 12.1.03.8 in Android 12 and 13.1.01.4 in Android 13 allows physical attackers to install package through Galaxy store before completion of Setup wizard.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| samsung | camera | to 11.1.02.18 (exc) |
| android | 11.0 | |
| samsung | camera | to 12.1.03.8 (exc) |
| android | 12.0 | |
| samsung | camera | to 13.1.04.4 (exc) |
| android | 13.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a missing authorization issue in the Camera app on certain Android versions. It allows a physical attacker to install a package through the Galaxy Store before the device's Setup wizard is completed.
How can this vulnerability impact me? :
An attacker with physical access to the device can install unauthorized software before the device setup is finished, potentially leading to compromise of confidentiality and integrity of data on the device.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70