CVE-2021-25435

2021-07-0813:46:59

CWE-20

Samsung Mobile

www.cve.org

tizen bootloader

input validation

arbitrary code execution

firmware update

AI Score

9.8

Confidence

High

EPSS

0.004

Percentile

73.9%

JSON

Improper input validation vulnerability in Tizen bootloader prior to Firmware update JUL-2021 Release allows arbitrary code execution using recovery partition in wireless firmware download mode.

CNA Affected

[
  {
    "product": "Tizen wearable devices",
    "vendor": "Samsung Mobile",
    "versions": [
      {
        "lessThan": "Firmware update JUL-2021 Release",
        "status": "affected",
        "version": "Tizen 5.5",
        "versionType": "custom"
      }
    ]
  }
]

References

security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7