Description
Improper input validation in Samsung Plus TV prior to version 1.0.28.6 allows remote attackers to access sensitive information.
Published: 2026-06-05
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Improper input validation in Samsung Plus TV versions earlier than 1.0.28.6 permits attackers to send crafted data that bypasses normal checks, enabling the retrieval of confidential information. The vulnerability is a classic case of unsecured input leading to information disclosure. No direct denial‑of‑service or code‑execution effects are described, but the exposure of sensitive data alone can facilitate further compromise or credential theft.

Affected Systems

The affected product is Samsung Mobile’s Samsung Plus TV, firmware or software versions prior to 1.0.28.6. No specific sub‑model or device scope is listed beyond the product line.

Risk and Exploitability

The CVSS score of 6.5 indicates moderate severity; the lack of an EPSS value suggests no current exploitation data are publicly available, and the vulnerability is not listed in CISA’s KEV catalog. With the likely attack vector being remote submission of malformed input, the risk to devices that are exposed to the internet is significant for confidentiality but limited to information disclosure rather than remote code execution. Addressing the flaw by updating firmware mitigates the risk entirely.

Generated by OpenCVE AI on June 5, 2026 at 11:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Samsung Plus TV to firmware version 1.0.28.6 or later.
  • If a newer firmware update is not yet available, apply any interim security advisories issued by Samsung regarding this issue.
  • Configure network restrictions to limit external access to the device’s management interfaces and monitor for anomalous input activity.

Generated by OpenCVE AI on June 5, 2026 at 11:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 07 Jun 2026 11:30:00 +0000

Type Values Removed Values Added
First Time appeared Samsung Mobile
Samsung Mobile samsung Plus Tv
Vendors & Products Samsung Mobile
Samsung Mobile samsung Plus Tv

Fri, 05 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 05 Jun 2026 11:45:00 +0000

Type Values Removed Values Added
Title Samsung Plus TV Remote Access to Sensitive Information via Improper Input Validation
Weaknesses CWE-20
CWE-200

Fri, 05 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
Description Improper input validation in Samsung Plus TV prior to version 1.0.28.6 allows remote attackers to access sensitive information.
References
Metrics cvssV4_0

{'score': 6.5, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H'}

Subscriptions

Samsung Mobile Samsung Plus Tv
cve-icon MITRE

Status: PUBLISHED

Assigner: SamsungMobile

Published:

Updated: 2026-06-05T19:10:21.789Z

Reserved: 2025-12-11T01:33:35.806Z

Link: CVE-2026-21035

cve-icon Vulnrichment

Updated: 2026-06-05T19:10:16.020Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-05T11:16:36.167

Modified: 2026-06-05T14:59:51.620

Link: CVE-2026-21035

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-07T11:17:20Z

Weaknesses
  • CWE-20

    Improper Input Validation

  • CWE-200

    Exposure of Sensitive Information to an Unauthorized Actor