Vulnerability CVE-2016-4032

Vulnerability CVE-2016-4032

Published: 2017-04-13

Description:

Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices do not block AT+USBDEBUG and AT+WIFIVALUE, which allows attackers to modify Android settings by leveraging AT access, aka SVE-2016-5301.

CVSS2 => (AV:L/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
2.1/10	2.9/10	3.9/10

Exploit range	Attack complexity	Authentication
Local	Low	No required
Confidentiality impact	Integrity impact	Availability impact
None	Partial	None

Affected software
Samsung -> Galaxy s4 mini firmware
Samsung -> Galaxy note 3 firmware
Samsung -> Galaxy s4 firmware
Samsung -> Galaxy s6 firmware
Samsung -> Galaxy s4 mini lte firmware

References:

http://www.securityfocus.com/bid/97650

https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004

Copyright 2024, cxsecurity.com