CVE-2016-4032

Name of the Vulnerable Software and Affected Versions Samsung SM-G920F versions G920FXXU2COH2 Samsung SM-N9005 versions N9005XXUGBOK6 Samsung GT-I9192 versions I9192XXUBNB1 Samsung GT-I9195 versions I9195XXUCOL1 Samsung GT-I9505 versions I9505XXUHOJ2

Description The issue allows attackers to modify Android settings by leveraging AT access. This is possible because the devices do not block AT+USBDEBUG and AT+WIFIVALUE.

Recommendations For Samsung SM-G920F version G920FXXU2COH2, restrict access to AT commands to minimize the risk of exploitation. For Samsung SM-N9005 version N9005XXUGBOK6, avoid using AT+USBDEBUG and AT+WIFIVALUE commands until the issue is resolved. For Samsung GT-I9192 version I9192XXUBNB1, consider disabling AT access as a temporary workaround until a patch is available. For Samsung GT-I9195 version I9195XXUCOL1, restrict the use of AT+WIFIVALUE command to prevent modification of Android settings. For Samsung GT-I9505 version I9505XXUHOJ2, disable AT+USBDEBUG command to prevent exploitation.