CVE-2021-35309
low-risk
Published 2023-08-22
An issue discovered in Samsung SyncThru Web Service SPL 5.93 06-09-2014 allows attackers to gain escalated privileges via MITM attacks.
Do I need to act?
-
0.14% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10
High
ADJACENT_NETWORK
/ HIGH complexity
Affected Products (1)
Syncthru Web Service
Affected Vendors
References (4)
Third Party Advisory
https://github.com/mustafa-turgut/cve-subscriptions/tree/main/samsung-stws
Vendor Advisory
https://security.samsungmobile.com/securityUpdate.smsb
Third Party Advisory
https://github.com/mustafa-turgut/cve-subscriptions/tree/main/samsung-stws
Vendor Advisory
https://security.samsungmobile.com/securityUpdate.smsb
26
/ 100
low-risk
Severity
20/34 · Moderate
Exploitability
1/34 · Minimal
Exposure
5/34 · Minimal