CVEs-PoC/2021/CVE-2021-25343.md
2025-09-29 21:09:30 +02:00


### [CVE-2021-25343](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25343)
![](https://img.shields.io/static/v1?label=Product&message=Samsung%20Members&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=Android%20O(8.1)%20and%20below%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=Android%20P(9.0)%20and%20above%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-287%20Improper%20Authentication&color=brightgreen)
### Description
Calling of non-existent provider in Samsung Members prior to version 2.4.81.13 (in Android O(8.1) and below) and 3.8.00.13 (in Android P(9.0) and above) allows unauthorized actions including denial of service attack by hijacking the provider.
### POC
#### Reference
- https://security.samsungmobile.com/serviceWeb.smsb
#### Github
No PoCs found on GitHub currently.