CVE-2015-7888
published 2017-06-07
CVE-2015-7888: Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create…
Priority · P3 · 45 · high · 7.5 · CVSS 3.0
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:H / A:N
EPSS: 4.05% (89.4th percentile)
Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create arbitrary files as the system-level user via a .. (dot dot) in the name of a file, compressed into a zipped file named cred.zip, and downloaded to /sdcard/Download.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| samsung | galaxy_s6_edge_firmware | — | — |
CVSS provenance
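| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| nvd | v2.0 | 7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:C/A:N |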
GHSA
GHSA-rw4p-qwp2-rc5q: Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G
ghsa_unreviewed·2022-05-17
CVE-2015-7888 [HIGH] CWE-22 GHSA-rw4p-qwp2-rc5q: Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G
Project0
Hack The Galaxy: Hunting Bugs in the Samsung Galaxy S6 Edge - Project Zero
project_zero·2015-11-01
CVE-2015-7888 Hack The Galaxy: Hunting Bugs in the Samsung Galaxy S6 Edge - Project Zero
Posted by Natalie Silvanovich, Planner of Bug Bashes
Recently, Project Zero researched a popular Android phone, the Samsung Galaxy S6 Edge. We discovered and reported 11 high-impact security issues as a result. This post discusses our motivations behind the research, our approach in looking for vulnerabilities on the device and what we learned by investigating it.
The majority of Android devices are not made by Google, but by external companies known as Original Equipment Manufacturers or OEMs which use the Android Open-Source Project (AOSP) as the basis for mobile devices which they manufacture. OEMs are an important area for Android security research, as they introduce additional (and possibly vulnerable) code into Android devices at all privilege levels, and they decide the frequenc
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/134104/Samsung-WifiHs20UtilityService-Path-Traversal.html
http://www.securityfocus.com/bid/77338
https://bugs.chromium.org/p/project-zero/issues/detail?id=489&q=samsung&redir=1
Published: 2017-06-07