Skip to main content

Missing Authentication for Critical Function

CVE-2020-25048

Severity Low
Score 2.1/10

Summary

An issue was discovered on Samsung mobile devices with Q(10.0) (with ONEUI 2.1) software. In the Lockscreen state, the Quick Share feature allows unauthenticated downloads, aka file injection. The Samsung ID is SVE-2020-17760 (August 2020).

  • LOW
  • LOCAL
  • NONE
  • NONE
  • PARTIAL
  • NONE

CWE-306 - Missing Authentication for Critical Function

The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References

Advisory Timeline

  • Published