Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-7988

On Samsung Galaxy S4 through S7 devices, absence of permissions on the BroadcastReceiver responsible for handling the com.[Samsung].android.intent.action.SET_WIFI intent leads to unsolicited configuration messages being handled by wifi-service.jar within the Android Framework, a subset of SVE-2016-6542.

Published

2016-10-31T10:59:03.457

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: COMPLETE
Exploitability Score

10.0

Impact Score

6.9

Weaknesses
  • Type: Primary
    CWE-275
    CWE-388
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System google android 4.2.2 Yes
Operating System google android 4.3 Yes
Operating System google android 4.3.1 Yes
Operating System google android 4.4 Yes
Operating System google android 4.4.1 Yes
Operating System google android 4.4.2 Yes
Operating System google android 4.4.3 Yes
Operating System google android 4.4.4 Yes
Operating System google android 5.0 Yes
Operating System google android 5.0.1 Yes
Operating System google android 5.0.2 Yes
Operating System google android 5.1 Yes
Operating System google android 5.1.0 Yes
Operating System google android 5.1.1 Yes
Operating System google android 6.0 Yes
Operating System google android 6.0.1 Yes
Hardware samsung galaxy_s4 - No
Hardware samsung galaxy_s4_mini - No
Hardware samsung galaxy_s5 - No
Hardware samsung galaxy_s6 - No
Hardware samsung galaxy_s7 - No
References