Login Sign Up

CVE-2021-25440

7.8 HIGH

📋 TL;DR

This vulnerability in Samsung's FactoryCameraFB app allows untrusted applications to access arbitrary files with elevated privileges due to improper access control. It affects Samsung devices running vulnerable versions of the FactoryCameraFB app prior to version 3.4.74. Attackers can exploit this to read sensitive system files they shouldn't have access to.

💻 Affected Systems

Products:
  • Samsung devices with FactoryCameraFB app
Versions: FactoryCameraFB versions prior to 3.4.74
Operating Systems: Android (Samsung devices)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Samsung devices where the vulnerable FactoryCameraFB app is installed. The app may be pre-installed on some Samsung devices.

📦 What is this software?

Factorycamerafb by Samsung

View all CVEs affecting Factorycamerafb →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise through reading sensitive system files, credential theft, or privilege escalation leading to full control of the Samsung device.

🟠

Likely Case

Unauthorized access to sensitive user data, configuration files, or system information that could enable further attacks.

🟢

If Mitigated

Limited impact with proper app sandboxing and access controls preventing unauthorized file access.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires a malicious app to be installed on the device. The vulnerability is well-documented in security blogs.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: FactoryCameraFB version 3.4.74 or later

Vendor Advisory: https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7

Restart Required: Yes

Instructions:

1. Update Samsung device to latest firmware. 2. Ensure FactoryCameraFB app is updated to version 3.4.74 or later via Samsung app store. 3. Restart device after update.

🔧 Temporary Workarounds

Disable FactoryCameraFB app

android

Disable the vulnerable FactoryCameraFB app if not needed

adb shell pm disable-user --user 0 com.sec.factory.camera

Restrict app installations

android

Only install apps from trusted sources like Google Play Store

🧯 If You Can't Patch

  • Isolate affected devices from sensitive networks
  • Implement application allowlisting to prevent malicious app installation

🔍 How to Verify

Check if Vulnerable:

Check FactoryCameraFB app version: Settings > Apps > FactoryCameraFB > App info

Check Version:

adb shell dumpsys package com.sec.factory.camera | grep versionName

Verify Fix Applied:

Verify FactoryCameraFB version is 3.4.74 or higher

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized file access attempts from FactoryCameraFB app
  • Suspicious app installation events

Network Indicators:

  • Unusual data exfiltration from device

SIEM Query:

source="android_logs" app="FactoryCameraFB" action="file_access" result="denied"

📊 Metadata

CVE ID: CVE-2021-25440
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-284
Published: July 8, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-25440, you might also want to check these:

CVE-2021-34795 10.0

This critical vulnerability in Cisco Catalyst PON Series Switches ONT web management interface allow...

Same vulnerability type (CWE-284)
CVE-2021-40113 10.0

Multiple vulnerabilities in Cisco Catalyst PON Series Switches ONT web management interface allow un...

Same vulnerability type (CWE-284)
CVE-2026-21636 10.0

A critical vulnerability in Node.js v25's experimental permission model allows attacker-controlled i...

Same vulnerability type (CWE-284)