CVE-2019-11341

medium

Description

On certain Samsung P(9.0) phones, an attacker with physical access can start a TCP Dump capture without the user's knowledge. This feature of the Service Mode application is available after entering the *#9900# check code, but is protected by an OTP password. However, this password is created locally and (due to mishandling of cryptography) can be obtained easily by reversing the password creation logic.

References

https://twitter.com/fs0c131y/status/1115889065285562368

https://security.samsungmobile.com/securityUpdate.smsb

https://drfone.wondershare.com/unlock/samsung-galaxy-secret-code-list.html

Details

Source: Mitre, NVD

Published: 2019-10-09

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 4.6

Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.00017