CVE-2023-21514

7.5 HIGH

📋 TL;DR

This vulnerability in Samsung Galaxy Store allows attackers to bypass scheme validation in InstantPlay Deeplink functionality, enabling them to execute JavaScript APIs that can install APK files without user consent. It affects Galaxy Store versions prior to 4.5.49.8 on Samsung Android devices. Attackers can exploit this to install malicious applications through the Galaxy Store interface.

💻 Affected Systems

Products:
  • Samsung Galaxy Store
Versions: Prior to 4.5.49.8
Operating Systems: Android (Samsung devices)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Samsung devices with Galaxy Store installed. Requires user interaction with a malicious link.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could silently install malicious APKs with system-level permissions, potentially leading to full device compromise, data theft, or persistent backdoor installation.

🟠 Likely Case

Attackers trick users into clicking malicious links that exploit the vulnerability to install unwanted or malicious applications through Galaxy Store.

🟢 If Mitigated

With an updated Galaxy Store version, the scheme validation prevents unauthorized JavaScript API execution and APK installation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires the user to click a malicious link but does not require authentication. JavaScript execution leads to APK installation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.5.49.8 and later

Vendor Advisory: https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=01

Restart Required: No

Instructions:

1. Open Galaxy Store app
2. Go to Settings
3. Check for updates
4. Install version 4.5.49.8 or later
5. Alternatively, update through Samsung's app update mechanism

🔧 Temporary Workarounds

Disable Galaxy Store auto-updates (android)

Prevent automatic installation of potentially malicious APKs through Galaxy Store

Use alternative app stores (android)

Temporarily disable Galaxy Store and use Google Play Store or other trusted sources

🧯 If You Can't Patch

  • Disable Galaxy Store completely via device administrator settings
  • Implement network filtering to block malicious deeplink URLs

🔍 How to Verify

Check if Vulnerable:

Check the Galaxy Store version in app settings. If the version is below 4.5.49.8, the device is vulnerable.

Check Version:

No command line option. Check via: Galaxy Store → Settings → About Galaxy Store

Verify Fix Applied:

Confirm Galaxy Store version is 4.5.49.8 or higher in app settings.
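
When many devices have to be checked, the comparison against 4.5.49.8 can be scripted over an app inventory. The following is an added example, not code from the advisory or from Samsung; the CSV layout, its column names and the sample rows are constructed assumptions. It compares version components numerically, because a plain string comparison misorders values such as 4.5.49.10 and 4.5.5.0.

```python
import csv
import io

FIXED_VERSION = "4.5.49.8"  # first fixed Galaxy Store release, per this page

# Constructed sample of an app-inventory export; column names are assumptions.
SAMPLE_INVENTORY = """device_id,galaxy_store_version
dev-001,4.5.49.8
dev-002,4.5.49.7
dev-003,4.5.49.10
dev-004,4.5.5.0
dev-005,
dev-006,4.5.50
dev-007,unknown
"""


def parse_version(text):
    """Return a dotted version as a tuple of ints, or None if it is not numeric."""
    parts = text.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(version_text, fixed=FIXED_VERSION):
    """Classify one reported version as 'vulnerable', 'patched' or 'unknown'."""
    have, want = parse_version(version_text), parse_version(fixed)
    if have is None:
        return "unknown"  # missing or malformed: check on the device itself
    # Pad to equal length so that 4.5.50 compares as 4.5.50.0.
    width = max(len(have), len(want))
    have += (0,) * (width - len(have))
    want += (0,) * (width - len(want))
    return "vulnerable" if have < want else "patched"


def triage(inventory_csv):
    """Map each device_id in the CSV text to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["device_id"]: classify(r["galaxy_store_version"] or "") for r in rows}


if __name__ == "__main__":
    for device, status in triage(SAMPLE_INVENTORY).items():
        print(f"{device}: {status}")
```

Devices reported as unknown still need the manual check in app settings described above.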

📡 Detection & Monitoring

Log Indicators:

  • Unusual APK installation events via Galaxy Store
  • JavaScript API calls from deeplink sources

Network Indicators:

  • HTTP requests to malicious domains triggering deeplinks
  • Unusual traffic patterns to Galaxy Store endpoints

SIEM Query:

Not applicable for typical mobile device management
