CVE-2016-4032

CWE-284Improper Access Control3 documents3 sources
Severity
4.6MEDIUM
EPSS
0.1%
top 71.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Samsung Galaxy Note 3 FirmwareSamsung Galaxy S4 FirmwareSamsung Galaxy S4 Mini Firmware+2 more
Timeline
PublishedApr 13
Latest updateMay 17

Description

Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices do not block AT+USBDEBUG and AT+WIFIVALUE, which allows attackers to modify Android settings by leveraging AT access, aka SVE-2016-5301.

CVSS vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 0.9 | Impact: 3.6

Affected Packages5 packages

NVDsamsung/galaxy_s4_firmwarei9505xxuhoj2
NVDsamsung/galaxy_s6_firmwareg920fxxu2coh2

🔴Vulnerability Details

2
GHSA
GHSA-q3vh-9hx4-f8m5: Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I91952022-05-17
CVEList
CVE-2016-4032: Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I91952017-04-13
CVE-2016-4032 (MEDIUM CVSS 4.6) | Samsung SM-G920F build G920FXXU2COH | cvebase.io