URL Filtering Bypass in Samsung Android Devices
CVE-2016-2567

3.3LOW

Key Information:

Vendor: Samsung
Status: Galaxy S6 Firmware
Vendor: CVE Published:; 13 April 2017

What is CVE-2016-2567?

The vulnerability allows attackers to circumvent URL filtering mechanisms in Samsung's Android kernel on devices such as the SM-N9005 (Note 3) and SM-G920F (Galaxy S6). By inserting a specially crafted query string with an 'exceptional URL', attackers can manipulate the system to bypass intended filters, enabling access to websites that should have otherwise been restricted. This flaw raises significant concerns regarding the integrity of web safety protocols on affected devices.

References

https://github.com/ud2/advisories/tree/master/android/sam...

x_refsource_MISC

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 13, 2017
Vulnerability Reserved
Feb 25, 2016