CVE-2015-7888

Name of the Vulnerable Software and Affected Versions Samsung S6 Edge version G925VVRU1AOE2

Description A directory traversal issue exists in the WifiHs20UtilityService, allowing remote attackers to overwrite or create arbitrary files as the system-level user. This is achieved by including a .. (dot dot) in the name of a file, compressing it into a zipped file named cred.zip, and downloading it to /sdcard/Download.

Recommendations For Samsung S6 Edge version G925VVRU1AOE2, as a temporary workaround, consider restricting access to the WifiHs20UtilityService until a patch is available. Avoid downloading zipped files from untrusted sources to minimize the risk of exploitation.