PT-2017-1210 · Samsung · Samsung Note+1

0Xr0Ot

Published

2017-01-18

Updated

2017-01-27

CVE-2016-6526

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Samsung Mobile Telecom application (affected versions not specified) Samsung Note device versions 5.0/5.1 and 6.0

Description The issue is related to insufficient access control in the SpamCall Activity component of the Telecom application. It can be exploited by a remote attacker to cause a denial of service, resulting in a crash and reboot, or possibly to gain privileges. This is achieved via a malformed serializable object.

Recommendations For Samsung Note device versions 5.0/5.1 and 6.0, consider restricting access to the SpamCall Activity component until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

BDU:2017-00323

CVE-2016-6526

Affected Products

Samsung Mobile Telecom Application

Samsung Note

PT-2017-1210 · Samsung · Samsung Note+1

CVE-2016-6526

Weakness Enumeration

Related Identifiers

Affected Products

References · 6