An issue was discovered on Samsung mobile devices with Q(10.0) (with ONEUI 2.1) software. In the Lockscreen state, the Quick Share feature allows unauthenticated downloads, aka file injection. The Samsung ID is SVE-2020-17760 (August 2020).
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25048
Reference (s):
- https://security.samsungmobile.com/securityUpdate.smsb