CVE-2015-7888

Samsung WifiHs20UtilityService Path Traversal

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create arbitrary files as the system-level user via a .. (dot dot) in the name of a file, compressed into a zipped file named cred.zip, and downloaded to /sdcard/Download.

Vulnerabilidad de salto de directorio en WifiHs20UtilityService en el Samsung S6 Edge LRX22G.G925VVRU1AOE2, permite a atacantes remotos sobrescribir o crear archivos arbitrarios como un usuario a nivel de sistema a través de .. (punto punto) en un archivo comprimido en Cred.zip, y descargado en /sdcard/Download.

A path traversal vulnerability was found in the WifiHs20UtilityService. This service is running on a Samsung S6 Edge device, and may be present on other Samsung device models. WifiHs20UtilityService reads any files placed in /sdcard/Download/cred.zip, and unzips this file into /data/bundle. Directory traversal in the path of the zipped contents allows an attacker to write a controlled file to an arbitrary path as the system user.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Complete

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2015-10-22 CVE Reserved
2015-10-27 CVE Published
2024-08-06 CVE Updated
2024-09-07 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CAPEC

References (3)

URL	Tag	Source
http://packetstormsecurity.com/files/134104/Samsung-WifiHs20UtilityService-Path-Traversal.html	Third Party Advisory
http://www.securityfocus.com/bid/77338	Third Party Advisory
https://bugs.chromium.org/p/project-zero/issues/detail?id=489&q=samsung&redir=1	Issue Tracking

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Samsung Search vendor "Samsung"	Galaxy S6 Edge Firmware Search vendor "Samsung" for product "Galaxy S6 Edge Firmware"	g925vvru1aoe2 Search vendor "Samsung" for product "Galaxy S6 Edge Firmware" and version "g925vvru1aoe2"	-	Affected	in	Samsung Search vendor "Samsung"	Galaxy S6 Edge Search vendor "Samsung" for product "Galaxy S6 Edge"	-	-	Safe