PT-2016-7456 · Samsung+1 · Samsung Galaxy S+1

Published

2016-10-31

Updated

2016-12-02

CVE-2016-7988

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Samsung Galaxy S devices versions S4 through S7

Description The issue arises from the absence of permissions on the BroadcastReceiver responsible for handling the "com.[Samsung].android.intent.action.SET WIFI" intent. This leads to unsolicited configuration messages being handled by wifi-service.jar within the Android Framework.

Recommendations For Samsung Galaxy S4 through S7 devices, consider restricting access to the BroadcastReceiver handling the "com.[Samsung].android.intent.action.SET WIFI" intent until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-388CWE-275

Related Identifiers

CVE-2016-7988

Affected Products

Android Framework

Samsung Galaxy S

PT-2016-7456 · Samsung+1 · Samsung Galaxy S+1

CVE-2016-7988

Weakness Enumeration

Related Identifiers

Affected Products

References · 4