CVE-2016-9567

CWE-200Information Exposure3 documents3 sources
Severity
5.5MEDIUM
EPSS
0.2%
top 58.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Samsung Samsung Mobile
Timeline
PublishedNov 23
Latest updateMay 17

Description

The mDNIe system service on Samsung Mobile S7 devices with M(6.0) software does not properly restrict setmDNIeScreenCurtain API calls, enabling attackers to control a device's screen. This can be exploited via a crafted application to eavesdrop after phone shutdown or record a conversation. The Samsung ID is SVE-2016-6343.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-v97w-x226-p849: The mDNIe system service on Samsung Mobile S7 devices with M(62022-05-17
CVEList
CVE-2016-9567: The mDNIe system service on Samsung Mobile S7 devices with M(62016-11-23
CVE-2016-9567 (MEDIUM CVSS 5.5) | The mDNIe system service on Samsung | cvebase.io