CVE-2024-49413
Samsung Galaxy S24 Smart Switch Agent Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability
Public Exploits: 0
Exploited in Wild: -
Descriptions
Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR Dec-2024 Release 1 allows local attackers to install malicious applications.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S24. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the Smart Switch Agent application. The issue results from the lack of proper validation of cryptographic signature before installing an application. An attacker can leverage this vulnerability to execute code in the context of the current user.
CVSS Scores
SSVC
- Decision: Track*
Timeline
- 2024-10-15 CVE Reserved
- 2024-12-03 CVE Published
- 2025-04-04 EPSS Updated
- 2025-04-09 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Samsung Mobile | Samsung Mobile Devices | * | - | Affected |
Samsung | Android | * | - | Affected |