CVE-2019-11341

On certain Samsung P(9.0) phones, an attacker with physical access can start a TCP Dump capture without the user's knowledge. This feature of the Service Mode application is available after entering the *#9900# check code, but is protected by an OTP password. However, this password is created locally and (due to mishandling of cryptography) can be obtained easily by reversing the password creation logic.

Published: Oct 9, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-11341
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.6
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-327

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
google / android	9.0	9.0.x

https://drfone.wondershare.com/unlock/samsung-galaxy-secret-code-list.html
https://security.samsungmobile.com/securityUpdate.smsb
https://twitter.com/fs0c131y/status/1115889065285562368

Vulnerability Database

CVE-2019-11341

Deep Security Visibility Without the Complexity