Improper Authentication in Google Android - CVE-2016-11041
Published: April 7, 2020 / Updated: August 8, 2020
Vulnerability identifier: #VU34586
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2016-11041
CWE-ID: CWE-287
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Google
Affected software:
Google Android
Google Android
Detailed vulnerability description
The vulnerability allows a local non-authenticated attacker to gain access to sensitive information.
An issue was discovered on Samsung mobile devices with KK(4.4) software. Attackers can bypass the lockscreen by sending an AT command over USB. The Samsung ID is SVE-2015-5301 (June 2016).
How to mitigate CVE-2016-11041
Install update from vendor's website.