Details of VAR-202405-1484

ID

VAR-202405-1484

CVE

CVE-2024-20870

TITLE

Samsung's Galaxy Store Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2024-026319

DESCRIPTION

Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.71.8 allows local attackers to write arbitrary files with the privilege of Galaxy Store. Samsung's Galaxy Store Exists in unspecified vulnerabilities.Information may be tampered with

Trust: 1.62

sources: NVD: CVE-2024-20870 // JVNDB: JVNDB-2024-026319

AFFECTED PRODUCTS

vendor:	samsung	model:	galaxy store	scope:	lt	version:	4.5.71.8	Trust: 1.0
vendor:	サムスン	model:	galaxy store	scope:	eq	version:	4.5.71.8	Trust: 0.8
vendor:	サムスン	model:	galaxy store	scope:	-	version:	-	Trust: 0.8
vendor:	サムスン	model:	galaxy store	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2024-026319 // NVD: CVE-2024-20870

CVSS

SEVERITY

CVSSV2

CVSSV3

mobile.security@samsung.com:	CVE-2024-20870
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2024-20870
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2024-20870
value:	MEDIUM
Trust: 0.8

mobile.security@samsung.com:	CVE-2024-20870
baseSeverity:	MEDIUM
baseScore:	5.1
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	2.5
impactScore:	2.5
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2024-20870
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2024-20870
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2024-026319 // NVD: CVE-2024-20870 // NVD: CVE-2024-20870

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-026319 // NVD: CVE-2024-20870

EXTERNAL IDS

db:	NVD	id:	CVE-2024-20870	Trust: 2.6
db:	JVNDB	id:	JVNDB-2024-026319	Trust: 0.8

sources: JVNDB: JVNDB-2024-026319 // NVD: CVE-2024-20870

REFERENCES

url:	https://security.samsungmobile.com/serviceweb.smsb?year=2024&month=05	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-20870	Trust: 0.8

sources: JVNDB: JVNDB-2024-026319 // NVD: CVE-2024-20870

SOURCES

db:	JVNDB	id:	JVNDB-2024-026319
db:	NVD	id:	CVE-2024-20870

LAST UPDATE DATE

2025-07-22T23:26:24.140000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2024-026319	date:	2025-07-18T09:21:00
db:	NVD	id:	CVE-2024-20870	date:	2025-07-17T19:59:14.253

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2024-026319	date:	2025-07-18T00:00:00
db:	NVD	id:	CVE-2024-20870	date:	2024-05-07T05:15:51.420