Information disclosure in Samsung Mobile - CVE-2016-9567
Published: November 23, 2016 / Updated: August 9, 2020
Vulnerability identifier: #VU40035
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2016-9567
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Samsung
Affected software:
Samsung Mobile
Samsung Mobile
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The mDNIe system service on Samsung Mobile S7 devices with M(6.0) software does not properly restrict setmDNIeScreenCurtain API calls, enabling attackers to control a device's screen. This can be exploited via a crafted application to eavesdrop after phone shutdown or record a conversation. The Samsung ID is SVE-2016-6343.
How to mitigate CVE-2016-9567
Install update from vendor's website.