PT-2019-14659 · Samsung · Samsung Galaxy S8 Plus +2

Published 2019-11-06 · Updated 2020-08-24 · CVE-2019-16401

CVSS v2.0: 3.3 (Low)

Vector: AV:A/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Samsung Galaxy S8 Plus version 8.0.0
Samsung Galaxy S3 version 4.3
Samsung Galaxy Note 2 version 4.3

Description

The issue allows for the injection of AT+CIMI and AT+CGSN commands over Bluetooth, resulting in the leakage of sensitive information. This includes IMSI, IMEI, call status, call setup stage, internet service status, signal strength, current roaming status, battery level, and call held status.

Recommendations

For Samsung Galaxy S8 Plus version 8.0.0, restrict access to Bluetooth functionality until a patch is available.
For Samsung Galaxy S3 version 4.3, consider disabling Bluetooth connectivity to minimize the risk of exploitation.
For Samsung Galaxy Note 2 version 4.3, avoid using Bluetooth for sensitive operations until the issue is resolved.


Related Identifiers

CVE-2019-16401

Affected Products

Samsung Galaxy Note 2
Samsung Galaxy S3
Samsung Galaxy S8 Plus