CVE-2024-28818
Description
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 2400, Exynos Modem 5123, Exynos Modem 5300. The baseband software does not properly check states specified by the RRC (Radio Resource Control) module. This can lead to disclosure of sensitive information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Improper RRC state check in Samsung Exynos baseband software may lead to disclosure of sensitive information.
Vulnerability
The baseband software in Samsung Exynos processors (980, 990, 1080, 2100, 2200, 1280, 1380, 1330, 2400) and Exynos Modems (5123, 5300) fails to properly verify states specified by the Radio Resource Control (RRC) module. This vulnerability arises from missing or incorrect state validation in the baseband firmware, affecting devices using the listed chips.
Exploitation
An attacker, such as a malicious network entity (e.g., a fake base station), can send crafted RRC messages over the air to trigger the state validation flaw. No prior authentication or physical proximity is required. The attack involves sending malformed or out-of-sequence RRC state transitions that the baseband software does not correctly check.
Impact
Successful exploitation could lead to disclosure of sensitive information processed by the baseband, including network configuration details, user data, or cryptographic material. The exact scope is not detailed, but it may compromise user privacy and network security.
Mitigation
As of the publication date (June 5, 2024), no specific fix has been announced. Users should monitor Samsung's product security updates for future patches. No workaround is currently available.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 12
Patches: 0. No patches discovered yet.
References: 1
News mentions: 0. No linked articles in our index yet.