Main Vulnerability Database Vulnerabilities #VU40035

#VU40035 Information disclosure in Samsung Mobile - CVE-2016-9567

Published: November 23, 2016 / Updated: August 9, 2020

Vulnerability identifier: #VU40035

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2016-9567

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Samsung Mobile

Software vendor:
Samsung

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The mDNIe system service on Samsung Mobile S7 devices with M(6.0) software does not properly restrict setmDNIeScreenCurtain API calls, enabling attackers to control a device's screen. This can be exploited via a crafted application to eavesdrop after phone shutdown or record a conversation. The Samsung ID is SVE-2016-6343.

Remediation

Install update from vendor's website.

#VU40035 Information disclosure in Samsung Mobile - CVE-2016-9567

Description

Remediation

External links