CVE-2024-49421

4.3 MEDIUM

📋 TL;DR

This CVE describes a path traversal vulnerability in Samsung's Quick Share Agent on Android devices. It allows adjacent attackers (on the same network) to write files to arbitrary locations on vulnerable devices. Affected users are those running Android 12, 13, or 14 with Quick Share Agent versions below the patched releases.

💻 Affected Systems

Products:
  • Samsung Quick Share Agent
Versions: Prior to version 3.5.14.47 in Android 12, 3.5.19.41 in Android 13, and 3.5.19.42 in Android 14
Operating Systems: Android 12, Android 13, Android 14
Default Config Vulnerable: ⚠️ Yes
Notes: Quick Share must be enabled; vulnerability requires attacker to be on same network.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could overwrite critical system files, potentially leading to device compromise, data corruption, or denial of service.

🟠 Likely Case

Local file manipulation leading to data leakage, privilege escalation, or installation of malicious files.

🟢 If Mitigated

Limited impact due to network adjacency requirement and file write restrictions.

🌐 Internet-Facing: LOW - Exploitation requires network adjacency, not internet exposure.
🏢 Internal Only: MEDIUM - Requires attacker on same network segment; risk increases in untrusted Wi-Fi environments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Adjacent network access required; no authentication needed for exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.5.14.47 for Android 12, 3.5.19.41 for Android 13, 3.5.19.42 for Android 14

Vendor Advisory: https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=12

Restart Required: No

Instructions:

1. Open device Settings.
2. Navigate to Software Update.
3. Check for and install available updates.
4. Verify Quick Share Agent version after update.

🔧 Temporary Workarounds

Disable Quick Share

Platform: android

Temporarily disable Quick Share feature to prevent exploitation.

Settings > Connected devices > Connection preferences > Quick Share > Turn off

Restrict Network Access

Platform: all

Use trusted networks only and avoid public/untrusted Wi-Fi.

🧯 If You Can't Patch

  • Disable Quick Share feature entirely until patched.
  • Use device only on trusted, secure networks.

🔍 How to Verify

Check if Vulnerable:

Check Quick Share Agent version in Settings > Apps > Quick Share > App info.

Check Version:

Settings > Apps > Quick Share > App info > Version

Verify Fix Applied:

Confirm version is at or above patched versions: 3.5.14.47 (Android 12), 3.5.19.41 (Android 13), or 3.5.19.42 (Android 14).
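
The version check above, scripted for a device inventory (an added example, not part of the original advisory or Samsung's tooling). The inventory rows and device ids are constructed, and collecting each device's Android release and Quick Share Agent version (for example from an MDM export) is assumed to happen elsewhere.

```python
# Added example: triage an inventory against the patched versions listed above.
# Patched Quick Share Agent versions from the advisory, keyed by Android release.
PATCHED = {
    12: (3, 5, 14, 47),
    13: (3, 5, 19, 41),
    14: (3, 5, 19, 42),
}


def parse_version(text):
    """Turn '3.5.19.41' into (3, 5, 19, 41); return None if not dotted numeric."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def assess(android_release, agent_version):
    """Return 'patched', 'vulnerable', 'not-covered' or 'unknown' for one device."""
    fixed = PATCHED.get(android_release)
    if fixed is None:
        return "not-covered"  # Android release not listed in the advisory
    current = parse_version(agent_version)
    if current is None:
        return "unknown"  # unparseable version string: review by hand
    # Pad to equal length so '3.5.19' compares as 3.5.19.0.
    width = max(len(current), len(fixed))
    current += (0,) * (width - len(current))
    fixed += (0,) * (width - len(fixed))
    return "patched" if current >= fixed else "vulnerable"


def triage(inventory):
    """Map device id -> status for (device_id, android_release, agent_version) rows."""
    return {dev: assess(rel, ver) for dev, rel, ver in inventory}


# Constructed sample inventory (hypothetical device ids and versions).
SAMPLE = [
    ("dev-01", 12, "3.5.14.47"),
    ("dev-02", 13, "3.5.9.80"),   # a plain string compare would rank this above 3.5.19.41
    ("dev-03", 14, "3.5.19.41"),  # the Android 13 fix level, still below Android 14's
    ("dev-04", 14, "3.5.20.1"),
    ("dev-05", 11, "3.5.11.9"),
    ("dev-06", 13, "n/a"),
]

if __name__ == "__main__":
    for device, status in triage(SAMPLE).items():
        print(device, status)
```

Devices reported as `unknown` or `not-covered` need a manual check rather than being treated as patched.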

📡 Detection & Monitoring

Log Indicators:

  • Unusual file write operations via Quick Share
  • Network connections to Quick Share from unexpected sources

Network Indicators:

  • Unexpected network traffic to Quick Share service (typically port 1500)

SIEM Query:

Not typically applicable for mobile device monitoring; focus on endpoint detection.
