VAR-201610-0196
Vulnerability from variot - Updated: 2025-04-13 23:14On Samsung Galaxy S4 through S7 devices, absence of permissions on the BroadcastReceiver responsible for handling the com.[Samsung].android.intent.action.SET_WIFI intent leads to unsolicited configuration messages being handled by wifi-service.jar within the Android Framework, a subset of SVE-2016-6542. This vulnerability SVE-2016-6542 Is part of Supplementary information : CWE Vulnerability type by CWE-275: Permission Issues ( Permission issues ) and CWE-388: Error Handling ( Error handling ) Has been identified. https://cwe.mitre.org/data/definitions/275.html https://cwe.mitre.org/data/definitions/388.htmlAndroid In the framework of wifi-service.jar Could cause unintended configuration messages to be processed by. SamsungGalaxyS4 and so on are all smart mobile devices released by South Korea's Samsung. An information modification vulnerability exists in Samsung Galaxy S4 to S7 devices due to a failure of the program to verify the BroadcastReceiver response. An attacker could exploit the vulnerability to illegally change configuration information. Remote attackers can exploit this issue to cause a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201610-0196",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "android",
"scope": "eq",
"trust": 2.7,
"vendor": "google",
"version": "6.0"
},
{
"model": "android",
"scope": "eq",
"trust": 2.7,
"vendor": "google",
"version": "4.4"
},
{
"model": "android",
"scope": "eq",
"trust": 1.9,
"vendor": "google",
"version": "6.0.1"
},
{
"model": "android",
"scope": "eq",
"trust": 1.9,
"vendor": "google",
"version": "5.1.1"
},
{
"model": "android",
"scope": "eq",
"trust": 1.9,
"vendor": "google",
"version": "5.0.1"
},
{
"model": "android",
"scope": "eq",
"trust": 1.9,
"vendor": "google",
"version": "4.4.4"
},
{
"model": "android",
"scope": "eq",
"trust": 1.9,
"vendor": "google",
"version": "4.4.3"
},
{
"model": "android",
"scope": "eq",
"trust": 1.9,
"vendor": "google",
"version": "4.4.2"
},
{
"model": "android",
"scope": "eq",
"trust": 1.9,
"vendor": "google",
"version": "4.4.1"
},
{
"model": "android",
"scope": "eq",
"trust": 1.9,
"vendor": "google",
"version": "5.0"
},
{
"model": "android",
"scope": "eq",
"trust": 1.3,
"vendor": "google",
"version": "5.0.2"
},
{
"model": "android",
"scope": "eq",
"trust": 1.3,
"vendor": "google",
"version": "4.3.1"
},
{
"model": "android",
"scope": "eq",
"trust": 1.3,
"vendor": "google",
"version": "4.2.2"
},
{
"model": "android",
"scope": "eq",
"trust": 1.3,
"vendor": "google",
"version": "5.1"
},
{
"model": "android",
"scope": "eq",
"trust": 1.3,
"vendor": "google",
"version": "4.3"
},
{
"model": "android",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "5.1.0"
},
{
"model": "android",
"scope": "eq",
"trust": 0.8,
"vendor": "google",
"version": "5.0/5.1"
},
{
"model": "galaxy s4",
"scope": null,
"trust": 0.8,
"vendor": "samsung",
"version": null
},
{
"model": "galaxy s4 mini",
"scope": null,
"trust": 0.8,
"vendor": "samsung",
"version": null
},
{
"model": "galaxy s5",
"scope": null,
"trust": 0.8,
"vendor": "samsung",
"version": null
},
{
"model": "galaxy s6",
"scope": null,
"trust": 0.8,
"vendor": "samsung",
"version": null
},
{
"model": "galaxy s7",
"scope": null,
"trust": 0.8,
"vendor": "samsung",
"version": null
},
{
"model": "galaxy \u003e=s4,\u003c=s7",
"scope": null,
"trust": 0.6,
"vendor": "samsung",
"version": null
},
{
"model": "galaxy s7",
"scope": "eq",
"trust": 0.3,
"vendor": "samsung",
"version": "0"
},
{
"model": "galaxy s6",
"scope": "eq",
"trust": 0.3,
"vendor": "samsung",
"version": "0"
},
{
"model": "galaxy s5",
"scope": "eq",
"trust": 0.3,
"vendor": "samsung",
"version": "0"
},
{
"model": "galaxy s4 mini",
"scope": "eq",
"trust": 0.3,
"vendor": "samsung",
"version": "0"
},
{
"model": "galaxy s4",
"scope": "eq",
"trust": 0.3,
"vendor": "samsung",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10559"
},
{
"db": "BID",
"id": "94081"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005710"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-878"
},
{
"db": "NVD",
"id": "CVE-2016-7988"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:google:android",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:samsung:galaxy_s4",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:samsung:galaxy_s4_mini",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:samsung:galaxy_s5",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:samsung:galaxy_s6",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:samsung:galaxy_s7",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005710"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "94081"
}
],
"trust": 0.3
},
"cve": "CVE-2016-7988",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-7988",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-10559",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-7988",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-7988",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-7988",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-10559",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-878",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10559"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005710"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-878"
},
{
"db": "NVD",
"id": "CVE-2016-7988"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "On Samsung Galaxy S4 through S7 devices, absence of permissions on the BroadcastReceiver responsible for handling the com.[Samsung].android.intent.action.SET_WIFI intent leads to unsolicited configuration messages being handled by wifi-service.jar within the Android Framework, a subset of SVE-2016-6542. This vulnerability SVE-2016-6542 Is part of Supplementary information : CWE Vulnerability type by CWE-275: Permission Issues ( Permission issues ) and CWE-388: Error Handling ( Error handling ) Has been identified. https://cwe.mitre.org/data/definitions/275.html https://cwe.mitre.org/data/definitions/388.htmlAndroid In the framework of wifi-service.jar Could cause unintended configuration messages to be processed by. SamsungGalaxyS4 and so on are all smart mobile devices released by South Korea\u0027s Samsung. An information modification vulnerability exists in Samsung Galaxy S4 to S7 devices due to a failure of the program to verify the BroadcastReceiver response. An attacker could exploit the vulnerability to illegally change configuration information. \nRemote attackers can exploit this issue to cause a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7988"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005710"
},
{
"db": "CNVD",
"id": "CNVD-2016-10559"
},
{
"db": "BID",
"id": "94081"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-7988",
"trust": 3.3
},
{
"db": "BID",
"id": "94081",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005710",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2016-10559",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201610-878",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10559"
},
{
"db": "BID",
"id": "94081"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005710"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-878"
},
{
"db": "NVD",
"id": "CVE-2016-7988"
}
]
},
"id": "VAR-201610-0196",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10559"
}
],
"trust": 1.088832405
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10559"
}
]
},
"last_update_date": "2025-04-13T23:14:13.563000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "https://www.android.com/intl/ja_jp/"
},
{
"title": "SVE-2016-6542",
"trust": 0.8,
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016"
},
{
"title": "Patches for several SamsungGalaxy device information modification vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/83441"
},
{
"title": "Multiple Samsung Galaxy Repair measures for device security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65199"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10559"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005710"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-878"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-388",
"trust": 1.0
},
{
"problemtype": "CWE-275",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005710"
},
{
"db": "NVD",
"id": "CVE-2016-7988"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://security.samsungmobile.com/smrupdate.html#smr-aug-2016"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/94081"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7988"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7988"
},
{
"trust": 0.6,
"url": "http://security.samsungmobile.com/smrupdate.html#smr"
},
{
"trust": 0.3,
"url": "http://www.samsung.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10559"
},
{
"db": "BID",
"id": "94081"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005710"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-878"
},
{
"db": "NVD",
"id": "CVE-2016-7988"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-10559"
},
{
"db": "BID",
"id": "94081"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005710"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-878"
},
{
"db": "NVD",
"id": "CVE-2016-7988"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-10559"
},
{
"date": "2016-11-01T00:00:00",
"db": "BID",
"id": "94081"
},
{
"date": "2016-11-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005710"
},
{
"date": "2016-10-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-878"
},
{
"date": "2016-10-31T10:59:03.457000",
"db": "NVD",
"id": "CVE-2016-7988"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-10559"
},
{
"date": "2016-11-24T01:07:00",
"db": "BID",
"id": "94081"
},
{
"date": "2016-11-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005710"
},
{
"date": "2016-11-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-878"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-7988"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-878"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Samsung Galaxy Vulnerabilities that trigger unintended configuration messages on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005710"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-878"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…