Vulnerability Details CVE-2015-7888
Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create arbitrary files as the system-level user via a .. (dot dot) in the name of a file, compressed into a zipped file named cred.zip, and downloaded to /sdcard/Download.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.139
EPSS Ranking 93.9%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 7.8
References
- http://packetstormsecurity.com/files/134104/Samsung-WifiHs20UtilityService-Path-Traversal.html
- http://www.securityfocus.com/bid/77338
- https://bugs.chromium.org/p/project-zero/issues/detail?id=489&q=samsung&redir=1
- http://packetstormsecurity.com/files/134104/Samsung-WifiHs20UtilityService-Path-Traversal.html
- http://www.securityfocus.com/bid/77338
- https://bugs.chromium.org/p/project-zero/issues/detail?id=489&q=samsung&redir=1
Products affected by CVE-2015-7888
-
cpe:2.3:h:samsung:galaxy_s6_edge:-
-
cpe:2.3:o:samsung:galaxy_s6_edge_firmware:g925vvru1aoe2