Android Device Vulnerability in Samsung Mobile Phones
CVE-2016-4032

4.6MEDIUM

Key Information:

Vendor: Samsung
Status: Galaxy S6 Firmware
Vendor: CVE Published:; 13 April 2017

Summary

Certain Samsung smartphones are susceptible to a vulnerability that allows unauthorized modification of device settings through unblocked AT commands, specifically AT+USBDEBUG and AT+WIFIVALUE. Attackers leveraging this flaw can potentially manipulate user configurations or security settings, highlighting the importance of securing input model validation in Android systems. Devices affected include models such as Galaxy S6, Galaxy Note 3, and various Galaxy S4 iterations.

References

https://github.com/ud2/advisories/tree/master/android/sam...

x_refsource_MISC

http://www.securityfocus.com/bid/97650

vdb-entryx_refsource_BID

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 13, 2017
Vulnerability Reserved
Apr 15, 2016