Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-29153

A vulnerability was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with versions Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos W930, Exynos Modem 5123, and Exynos Modem 5300 that involves incorrect authorization of LTE NAS messages and leads to downgrading to lower network generations and repeated DDOS.

Security Impact Summary

This vulnerability carries a HIGH severity rating with a CVSS v3.1 score of 8.1, indicating it can be exploited remotely over the network but requires specific conditions to be met without requiring user interaction and does not require pre-existing privileges . The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), and availability (service disruption) for affected systems. Impacting 32 products from samsung, from samsung, from samsung and 29 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2024, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2024-07-09T20:15:10.827

Last Modified

2025-06-26T20:53:40.360

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-400
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System samsung exynos_9820_firmware - Yes
Hardware samsung exynos_9820 - No
Operating System samsung exynos_9825_firmware - Yes
Hardware samsung exynos_9825 - No
Operating System samsung exynos_980_firmware - Yes
Hardware samsung exynos_980 - No
Operating System samsung exynos_990_firmware - Yes
Hardware samsung exynos_990 - No
Operating System samsung exynos_850_firmware - Yes
Hardware samsung exynos_850 - No
Operating System samsung exynos_1080_firmware - Yes
Hardware samsung exynos_1080 - No
Operating System samsung exynos_2100_firmware - Yes
Hardware samsung exynos_2100 - No
Operating System samsung exynos_2200_firmware - Yes
Hardware samsung exynos_2200 - No
Operating System samsung exynos_1280_firmware - Yes
Hardware samsung exynos_1280 - No
Operating System samsung exynos_1380_firmware - Yes
Hardware samsung exynos_1380 - No
Operating System samsung exynos_1330_firmware - Yes
Hardware samsung exynos_1330 - No
Operating System samsung exynos_9110_firmware - Yes
Hardware samsung exynos_9110 - No
Operating System samsung exynos_w920_firmware - Yes
Hardware samsung exynos_w920 - No
Operating System samsung exynos_w930_firmware - Yes
Hardware samsung exynos_w930 - No
Operating System samsung exynos_modem_5123_firmware - Yes
Hardware samsung exynos_modem_5123 - No
Operating System samsung exynos_modem_5300_firmware - Yes
Hardware samsung exynos_modem_5300 - No
References

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For samsung's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.