CVE-2024-20854

Improper handling of insufficient privileges vulnerability in Samsung Camera prior to versions 12.1.0.31 in Android 12, 13.1.02.07 in Android 13, and 14.0.01.06 in Android 14 allows local attackers to access image data.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.5 / Impact : 3.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=04	Vendor Advisory
https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=04	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:samsung:camera:*:*:*:*:*:*:*:*

cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:a:samsung:camera:*:*:*:*:*:*:*:*

cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:a:samsung:camera:*:*:*:*:*:*:*:*

cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*

History

10 Oct 2025, 17:19

Type	Values Removed	Values Added
CWE		NVD-CWE-Other
References	~~() https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=04 -~~	() https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=04 - Vendor Advisory
CPE		cpe:2.3:o:google:android:13.0:::::::* cpe:2.3:o:google:android:12.0:::::::* cpe:2.3:o:google:android:14.0:::::::* cpe:2.3:a:samsung:camera::::::::
First Time		Samsung Samsung camera Google Google android

21 Nov 2024, 08:53

Type	Values Removed	Values Added
References	~~() https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=04 -~~	() https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=04 -

02 Apr 2024, 12:50

Type	Values Removed	Values Added
Summary		(es) El manejo inadecuado de la vulnerabilidad de privilegios insuficientes en Samsung Camera antes de las versiones 12.1.0.31 en Android 12, 13.1.02.07 en Android 13 y 14.0.01.06 en Android 14 permite a atacantes locales acceder a datos de imágenes.

02 Apr 2024, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-02 03:15

Updated : 2025-10-10 17:19

NVD link : CVE-2024-20854

Mitre link : CVE-2024-20854

CVE.ORG link : CVE-2024-20854

JSON object : View

Products Affected

google

android

samsung

camera

CWE

NVD-CWE-Other

{"id": "CVE-2024-20854", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "mobile.security@samsung.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2024-04-02T03:15:10.870", "references": [{"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=04", "tags": ["Vendor Advisory"], "source": "mobile.security@samsung.com"}, {"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=04", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Improper handling of insufficient privileges vulnerability in Samsung Camera prior to versions 12.1.0.31 in Android 12, 13.1.02.07 in Android 13, and 14.0.01.06 in Android 14 allows local attackers to access image data."}, {"lang": "es", "value": "El manejo inadecuado de la vulnerabilidad de privilegios insuficientes en Samsung Camera antes de las versiones 12.1.0.31 en Android 12, 13.1.02.07 en Android 13 y 14.0.01.06 en Android 14 permite a atacantes locales acceder a datos de im\u00e1genes."}], "lastModified": "2025-10-10T17:19:50.913", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samsung:camera:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF2D697C-91F8-48C5-85A6-235B826AB638", "versionEndExcluding": "12.1.0.31"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samsung:camera:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CCCEAB7-1DEC-42A7-8FA1-2DE599A26CD2", "versionEndExcluding": "13.1.02.07"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samsung:camera:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF909009-FE34-4034-9D7D-8B152418E98C", "versionEndExcluding": "14.0.01.06"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "mobile.security@samsung.com"}