cve/2021/CVE-2021-25374.md

2024-05-25 21:48:12 +02:00
### [CVE-2021-25374](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25374)
![](https://img.shields.io/static/v1?label=Product&message=Samsung%20Members&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=Android%20O(8.x)%20and%20below%3C%202.4.83.9%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-285%20Improper%20Authorization&color=brighgreen)
### Description
An improper authorization vulnerability in the Samsung Members "samsungrewards" deeplink scheme, in versions 2.4.83.9 in Android O(8.1) and below, and 3.9.00.9 in Android P(9.0) and above, allows remote attackers to access user data related to the Samsung Account.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/FSecureLABS/CVE-2021-25374_Samsung-Account-Access
- https://github.com/NaInSec/CVE-PoC-in-GitHub
- https://github.com/SYRTI/POC_to_review
- https://github.com/WhooAmii/POC_to_review
- https://github.com/WithSecureLabs/CVE-2021-25374_Samsung-Account-Access
- https://github.com/k0mi-tg/CVE-POC
- https://github.com/manas3c/CVE-POC
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/soosmile/POC
- https://github.com/trhacknon/Pocingit
- https://github.com/whoforget/CVE-POC
- https://github.com/youwizard/CVE-POC
- https://github.com/zecool/cve