Rpaleari

**Nome do software vulnerável e versões afetadas: Netgear WNR1000v3, versões anteriores à 1.0.2.60 Descrição: O problema está relacionado a uma falha de autenticação no roteador Netgear WNR1000v3. Isso ocorre porque o servidor ignora as verificações de URLs que contenham a extensão “.jpg”. Não há informações disponíveis sobre o número estimado de dispositivos potencialmente afetados em todo o mundo nem detalhes sobre incidentes reais em que essa vulnerabilidade tenha sido explorada. Recomendações: Para versões anteriores à 1.0.2.60, atualize o firmware para a versão 1.0.2.60 ou posterior para resolver o problema. Como solução temporária, considere restringir o acesso a URLs que contenham “.jpg” para minimizar o risco de exploração.

**Name of the Vulnerable Software and Affected Versions** Samsung kernel for Android versions on SM-N9005 build N9005XXUGBOB6 and SM-G920F build G920FXXU2COH2 **Description** The issue concerns a NULL pointer dereference that can be triggered via a "GET HTTP/1.1" request. This is related to the getURL function in drivers/secfilter/urlparser.c in secfilter. **Recommendations** For SM-N9005 build N9005XXUGBOB6, consider disabling the getURL function in drivers/secfilter/urlparser.c until a patch is available. For SM-G920F build G920FXXU2COH2, restrict access to the secfilter module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices **Description** The issue allows attackers to read sent e-mail messages. **Recommendations** For Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices **Description** The issue is related to SQL injection. **Recommendations** For Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Samsung wssyncmlnps versions before 2015-10-31 **Description** The issue allows directory traversal in a Kies restore. **Recommendations** For versions before 2015-10-31, update to a version released after 2015-10-31 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Samsung SM-G920F versions G920FXXU2COH2 Samsung SM-N9005 versions N9005XXUGBOK6 Samsung GT-I9192 versions I9192XXUBNB1 Samsung GT-I9195 versions I9195XXUCOL1 Samsung GT-I9505 versions I9505XXUHOJ2 **Description** The issue allows an attacker to access the modem in USB configuration number 2 while the device is in a secure lockscreen state. This unintended availability enables the attacker to make phone calls, send text messages, or issue commands. **Recommendations** For Samsung SM-G920F version G920FXXU2COH2, update to a version that fixes the issue. For Samsung SM-N9005 version N9005XXUGBOK6, update to a version that fixes the issue. For Samsung GT-I9192 version I9192XXUBNB1, update to a version that fixes the issue. For Samsung GT-I9195 version I9195XXUCOL1, update to a version that fixes the issue. For Samsung GT-I9505 version I9505XXUHOJ2, update to a version that fixes the issue.

**Name of the Vulnerable Software and Affected Versions** Samsung SM-G920F versions G920FXXU2COH2 Samsung SM-N9005 versions N9005XXUGBOK6 Samsung GT-I9192 versions I9192XXUBNB1 Samsung GT-I9195 versions I9195XXUCOL1 Samsung GT-I9505 versions I9505XXUHOJ2 **Description** The issue allows attackers to send AT commands by plugging the device into a Linux host. **Recommendations** For Samsung SM-G920F version G920FXXU2COH2, update to a newer version that contains a fix for this issue. For Samsung SM-N9005 version N9005XXUGBOK6, update to a newer version that contains a fix for this issue. For Samsung GT-I9192 version I9192XXUBNB1, update to a newer version that contains a fix for this issue. For Samsung GT-I9195 version I9195XXUCOL1, update to a newer version that contains a fix for this issue. For Samsung GT-I9505 version I9505XXUHOJ2, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Samsung SM-G920F versions G920FXXU2COH2 Samsung SM-N9005 versions N9005XXUGBOK6 Samsung GT-I9192 versions I9192XXUBNB1 Samsung GT-I9195 versions I9195XXUCOL1 Samsung GT-I9505 versions I9505XXUHOJ2 **Description** The issue allows attackers to modify Android settings by leveraging AT access. This is possible because the devices do not block AT+USBDEBUG and AT+WIFIVALUE. **Recommendations** For Samsung SM-G920F version G920FXXU2COH2, restrict access to AT commands to minimize the risk of exploitation. For Samsung SM-N9005 version N9005XXUGBOK6, avoid using AT+USBDEBUG and AT+WIFIVALUE commands until the issue is resolved. For Samsung GT-I9192 version I9192XXUBNB1, consider disabling AT access as a temporary workaround until a patch is available. For Samsung GT-I9195 version I9195XXUCOL1, restrict the use of AT+WIFIVALUE command to prevent modification of Android settings. For Samsung GT-I9505 version I9505XXUHOJ2, disable AT+USBDEBUG command to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** Samsung kernel for Android versions on SM-N9005 build N9005XXUGBOB6 and SM-G920F build G920FXXU2COH2 **Description** The issue allows attackers to bypass URL filtering by inserting an exceptional URL in the query string. For example, the URL 'http://should-have-been-filtered.example.com/?http://google.com' can be used to bypass filtering. **Recommendations** For SM-N9005 build N9005XXUGBOB6, update the software to a version that fixes this issue. For SM-G920F build G920FXXU2COH2, update the software to a version that fixes this issue. As a temporary workaround, consider restricting access to URLs that contain query strings with exceptional URLs until a patch is available.