Insufficient verification of url authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.02.4 in Global allows remote attackers to load an arbitrary URL in its webview.
La verificación insuficiente de la autenticidad de la URL en GamingHub anterior a la versión 6.1.03.4 en Corea y 7.1.02.4 en Global permite a atacantes remotos cargar una URL arbitraria en su vista web.
This vulnerability allows remote attackers to escalate privileges on affected installations of Samsung Galaxy S24 smartphones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the Gaming Hub application. The issue results from the lack of proper validation of a user-supplied URL. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary script in the context of a WebView.
