Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-7991

On Samsung Galaxy S4 through S7 devices, the "omacp" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and handled by the device, leading to unauthorized configuration changes, a subset of SVE-2016-6542.

Published

2016-10-31T10:59:08.147

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:C/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: COMPLETE
  • Availability Impact: NONE
Exploitability Score

10.0

Impact Score

6.9

Weaknesses
  • Type: Primary
    CWE-388
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System google android 4.2.2 Yes
Operating System google android 4.3 Yes
Operating System google android 4.3.1 Yes
Operating System google android 4.4 Yes
Operating System google android 4.4.1 Yes
Operating System google android 4.4.2 Yes
Operating System google android 4.4.3 Yes
Operating System google android 4.4.4 Yes
Operating System google android 5.0 Yes
Operating System google android 5.0.1 Yes
Operating System google android 5.0.2 Yes
Operating System google android 5.1 Yes
Operating System google android 5.1.0 Yes
Operating System google android 5.1.1 Yes
Operating System google android 6.0 Yes
Operating System google android 6.0.1 Yes
Hardware samsung galaxy_s4 - No
Hardware samsung galaxy_s4_mini - No
Hardware samsung galaxy_s5 - No
Hardware samsung galaxy_s6 - No
Hardware samsung galaxy_s7 - No
References