CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-6741 – Samsung Galaxy S9 Untrusted Site Redirection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-6741
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467). User interaction is required to exploit this vulnerability in that the target must connect to a wireless network. The specific flaw exists within the captive portal. By manipulating HTML, an attacker can force a page redirection. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.zerodayinitiative.com/advisories/ZDI-19-254 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 10.0EPSS: 4%CPEs: 2EXPL: 0CVE-2019-6742 – Samsung Galaxy S9 GameServiceReceiver Unsafe Updates Validation Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-6742
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to 1.4.20.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the GameServiceReceiver update mechanism. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7477. • https://www.zerodayinitiative.com/advisories/ZDI-19-255 • CWE-358: Improperly Implemented Security Check for Standard •