Описание
Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create arbitrary files as the system-level user via a .. (dot dot) in the name of a file, compressed into a zipped file named cred.zip, and downloaded to /sdcard/Download.
Ссылки
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingThird Party Advisory
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:samsung:galaxy_s6_edge_firmware:g925vvru1aoe2:*:*:*:*:*:*:*
cpe:2.3:h:samsung:galaxy_s6_edge:-:*:*:*:*:*:*:*
EPSS
Процентиль: 88%
0.03773
Низкий
7.5 High
CVSS3
7.8 High
CVSS2
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create arbitrary files as the system-level user via a .. (dot dot) in the name of a file, compressed into a zipped file named cred.zip, and downloaded to /sdcard/Download.
EPSS
Процентиль: 88%
0.03773
Низкий
7.5 High
CVSS3
7.8 High
CVSS2
Дефекты
CWE-22