Impact
Improper input validation in the data controlling network restrictions on Samsung Mobile Devices before the SMR Apr‑2026 Release 1 update allows a physically present attacker to manipulate restriction settings. By altering this data, the attacker can coerce the device into permitting network communication that should be disallowed, which could expose the device to unauthorized data transmission or further local compromise. The vulnerability represents a breach of confidentiality and integrity but does not enable remote code execution or broader system compromise.
Affected Systems
All Samsung Mobile Device firmware versions released prior to the SMR Apr‑2026 Release 1 update are affected. No specific build numbers are listed, so the issue is presumed to exist across the entire spectrum of devices shipped before the mentioned update.
Risk and Exploitability
The CVSS score of 5.2 indicates moderate risk. The EPSS score is 0.00044 (less than 1%), indicating a very low probability of exploitation. The vulnerability is not listed in KEV, further suggesting limited exploitation. Exploitation requires physical possession of the device and the ability to modify the network restriction configuration; attackers without direct device access therefore cannot exploit the flaw. The attack vector is local, and the attack relies on improper input validation rather than on a remotely reachable vulnerability.
OpenCVE Enrichment