CVE-2016-7988

Name of the Vulnerable Software and Affected Versions Samsung Galaxy S devices versions S4 through S7

Description The issue arises from the absence of permissions on the BroadcastReceiver responsible for handling the "com.[Samsung].android.intent.action.SET WIFI" intent. This leads to unsolicited configuration messages being handled by wifi-service.jar within the Android Framework.

Recommendations For Samsung Galaxy S4 through S7 devices, consider restricting access to the BroadcastReceiver handling the "com.[Samsung].android.intent.action.SET WIFI" intent until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.