PT-2017-7290 · Samsung · Samsung S6 Edge

Published 2017-06-07 · Updated 2017-06-14 · CVE-2015-7888

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions

Samsung S6 Edge version G925VVRU1AOE2

Description

A directory traversal issue exists in the WifiHs20UtilityService, allowing remote attackers to overwrite or create arbitrary files as the system-level user. This is achieved by including a .. (dot dot) in the name of a file, compressing it into a zipped file named cred.zip, and downloading it to /sdcard/Download.

Recommendations

For Samsung S6 Edge version G925VVRU1AOE2, as a temporary workaround, consider restricting access to the WifiHs20UtilityService until a patch is available. Avoid downloading zipped files from untrusted sources to minimize the risk of exploitation.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2015-7888

Affected Products

Samsung S6 Edge