CVE-2024-34661

Published Sep 4, 2024

Last updated 2 years ago

CVSS medium 4.3

Overview

Description
Improper handling of insufficient permissions in Samsung Assistant prior to version 9.1.00.7 allows remote attackers to access location data. User interaction is required for triggering this vulnerability.
Source
mobile.security@samsung.com
NVD status
Analyzed
Products
assistant

Risk scores

CVSS 3.1

Type
Primary
Base score
4.3
Impact score
1.4
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Severity
MEDIUM

Weaknesses

nvd@nist.gov
CWE-276

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. Improper export of android application components in SmartHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script.CVE-2026-21032
  2. Improper export of android application components in ExpressHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script.CVE-2026-21033
  3. An origin validation error vulnerability in Synology Assistant before 7.0.6-50085 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation.CVE-2025-66593
  4. Improper export of android application components in Samsung Assistant prior to version 9.3.10.7 allows local attacker to access saved information.CVE-2026-20993
  5. Multiple untrusted search path vulnerabilities in installer in Synology Assistant before 6.1-15163 on Windows allows local attackers to execute arbitrary code and conduct DLL hijacking attack via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory.CVE-2017-11160

References

Sources include official advisories and independent security research.