Skip to main content

Galaxy S6 Firmware CVE-2016-2566

CRITICAL
SQL Injection (CWE-89)
2017-04-13 cve@mitre.org
9.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Apr 13, 2017 - 16:59 cve.org
CRITICAL 9.8

DescriptionCVE.org

Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices has SQL injection, aka SVE-2015-5081.

AnalysisAI

Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices has SQL injection, aka SVE-2015-5081. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices has SQL injection, aka SVE-2015-5081. Affected products include: Samsung Galaxy S6 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.

CVE-2016-4031 MEDIUM POC
6.8 Apr 13

Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUB

CVE-2016-4030 MEDIUM POC
6.8 Apr 13

Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUB

CVE-2018-14856 MEDIUM POC
6.3 Dec 17

Buffer overflow in dhd_bus_flow_ring_create_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-

CVE-2018-14855 MEDIUM POC
6.3 Dec 17

Buffer overflow in dhd_bus_flow_ring_flush_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-F

CVE-2018-14854 MEDIUM POC
6.3 Dec 17

Buffer overflow in dhd_bus_flow_ring_delete_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-

CVE-2018-14852 MEDIUM POC
6.3 Dec 17

Out-of-bounds array access in dhd_rx_frame in drivers/net/wireless/bcmdhd4358/dhd_linux.c in the bcmdhd4358 Wi-Fi driver

CVE-2016-2036 MEDIUM POC
5.5 Apr 13

The getURL function in drivers/secfilter/urlparser.c in secfilter in the Samsung kernel for Android on SM-N9005 build N9

CVE-2016-4032 MEDIUM POC
4.6 Apr 13

Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUB

CVE-2018-14853 MEDIUM POC
4.3 Dec 17

A NULL pointer dereference in dhd_prot_txdata_write_flush in drivers/net/wireless/bcmdhd4358/dhd_msgbuf.c in the bcmdhd4

CVE-2016-2567 LOW POC
3.3 Apr 13

secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (G

CVE-2016-2565 LOW POC
3.3 Apr 13

Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to read sent e-mail messages,

Share

CVE-2016-2566 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy