Vulnerabilities
Vulnerable Software
Samsung:  >> Internet  Security Vulnerabilities
Samsung Internet for Galaxy Watch version 5.0.9, available up until Samsung Galaxy Watch 3, does not properly validate TLS certificates, allowing for an attacker to impersonate any and all websites visited by the user. This is a critical misconfiguration in the way the browser validates the identity of the server. It negates the use of HTTPS as a secure channel, allowing for Man-in-the-Middle attacks, stealing sensitive information or modifying incoming and outgoing traffic. NOTE: This vulnerability is in an end-of-life product that is no longer maintained by the vendor.
CVSS Score
5.9
EPSS Score
0.0
Published
2025-05-16
Improper privilege management vulnerability in Samsung Internet prior to version 25.0.0.41 allows local attackers to bypass protection for cookies.
CVSS Score
5.5
EPSS Score
0.0
Published
2024-05-07
Improper handling of granting permission for Trusted Web Activities in Samsung Internet prior to version 24.0.0.41 allows local attackers to grant permission to their own TWA WebApps without user interaction.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-03-05
Improper validation vulnerability in Samsung Internet prior to version 24.0.3.2 allows local attackers to execute arbitrary code.
CVSS Score
6.8
EPSS Score
0.0
Published
2024-03-05
Missing proper interaction for opening deeplink in Samsung Internet prior to version v24.0.0.0 allows remote attackers to open an application without proper interaction.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-03-05
Improper authorization verification vulnerability in Samsung Internet prior to version 24.0 allows physical attackers to access files downloaded in SecretMode without proper authentication.
CVSS Score
2.4
EPSS Score
0.001
Published
2024-02-06
Improper Authorization vulnerability in Samsung Internet prior to version 22.0.0.35 allows physical attacker access downloaded files in Secret Mode without user authentication.
CVSS Score
3.8
EPSS Score
0.001
Published
2023-08-10
Improper configuration in Samsung Internet prior to version 21.0.0.41 allows attacker to bypass SameSite Cookie.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-07-06
Improper authorization vulnerability in Samsung Internet prior to version 18.0.4.14 allows physical attackers to add bookmarks in secret mode without user authentication.
CVSS Score
4.3
EPSS Score
0.001
Published
2022-10-07
Improper check in Loader in Samsung Internet prior to 17.0.1.69 allows attackers to spoof address bar via executing script.
CVSS Score
4.3
EPSS Score
0.003
Published
2022-06-07


Contact Us

Shodan ® - All rights reserved