CVE-2024-20872

Published May 7, 2024

Last updated 5 months ago

CVSS medium 6.2

Overview

Description
Improper handling of insufficient privileges vulnerability in TalkbackSE prior to version Android 14 allows local attackers to modify setting value of TalkbackSE.
Source
mobile.security@samsung.com
NVD status
Analyzed
Products
android

Risk scores

CVSS 3.1

Type
Primary
Base score
3.3
Impact score
1.4
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Severity
LOW

Weaknesses

nvd@nist.gov
NVD-CWE-Other

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. Improper authorization in AppBlock prior to SMR Jun-2026 Release 1 allows local attacker to launch arbitrary activity. User interaction is required for triggering this vulnerability.CVE-2026-21031
  2. Improper access control in MediaTek Audio HAL prior to SMR Jun-2026 Release 1 allows local attackers to trigger privileged functions.CVE-2026-21030
  3. Improper export of android application components in Galaxy Editing Service prior to SMR Jun-2026 Release 1 allows local attacker to execute privileged operations.CVE-2026-21029
  4. Improper access control in AuditLogService prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information.CVE-2026-21028
  5. Improper export of android application components in ImsSettings prior to SMR Jun-2026 Release 1 allows local attackers to trigger logging function.CVE-2026-21027

References

Sources include official advisories and independent security research.