ID

VAR-201612-0305


CVE

CVE-2016-6910


TITLE

Android running on Samsung Galaxy S6 Edge devices vulnerable to disclosure of user notification text

Trust: 0.8

sources: JVNDB: JVNDB-2016-006478

DESCRIPTION

The non-existent notification listener vulnerability was introduced in the initial Android 5.0.2 builds for the Samsung Galaxy S6 Edge devices, but the vulnerability can persist on the device even after the device has been upgraded to an Android 5.1.1 or 6.0.1 build. The vulnerable system app gives a non-existent app the ability to read the notifications from the device, which a third-party app can utilize if it uses a package name of com.samsung.android.app.portalservicewidget. This vulnerability allows an unprivileged third-party app to obtain the text of the user's notifications, which tend to contain personal data. Android for Samsung Galaxy S6 Edge is a Linux-based open source operating system developed by Samsung and the Open Handset Alliance (OHA) in the United States for smartphones released by South Korea's Samsung. An attacker could exploit this vulnerability to obtain sensitive information. Multiple Samsung Galaxy products are prone to an information-disclosure vulnerability. Information obtained may aid in further attacks.

Trust: 2.43

sources: NVD: CVE-2016-6910 // JVNDB: JVNDB-2016-006478 // CNVD: CNVD-2016-13225 // BID: 95092

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-13225

AFFECTED PRODUCTS

vendor: google, model: android, scope: eq, version: 5.0.2

Trust: 2.4

vendor: google, model: android, scope: eq, version: 5.1.1

Trust: 2.4

vendor: google, model: android, scope: eq, version: 6.0.1

Trust: 2.4

vendor: samsung, model: galaxy s6 edge, scope: eq, version: 5.0.2

Trust: 0.6

vendor: samsung, model: galaxy s6 edge, scope: eq, version: 5.1.1

Trust: 0.6

vendor: samsung, model: galaxy s6 edge, scope: eq, version: 6.0.1

Trust: 0.6

vendor: samsung, model: galaxy s6 edge+, scope: eq, version: 0

Trust: 0.3

vendor: samsung, model: galaxy s6 edge, scope: eq, version: 0

Trust: 0.3

vendor: samsung, model: galaxy s6, scope: eq, version: 0

Trust: 0.3

vendor: samsung, model: galaxy note, scope: eq, version: 50

Trust: 0.3

sources: CNVD: CNVD-2016-13225 // BID: 95092 // JVNDB: JVNDB-2016-006478 // CNNVD: CNNVD-201612-655 // NVD: CVE-2016-6910

CVSS

SEVERITY

nvd@nist.gov: CVE-2016-6910
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-6910
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-13225
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201612-655
value: MEDIUM

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2016-6910
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-13225
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2016-6910
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-13225 // JVNDB: JVNDB-2016-006478 // CNNVD: CNNVD-201612-655 // NVD: CVE-2016-6910

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2016-006478 // NVD: CVE-2016-6910

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201612-655

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201612-655

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-006478

PATCH

title: Top Page
url: https://www.android.com/intl/ja_jp/

Trust: 0.8

title: Patches for multiple Samsung Galaxy product information disclosure vulnerabilities
url: https://www.cnvd.org.cn/patchInfo/show/86865

Trust: 0.6

title: Samsung Galaxy S6 Edge Android Repair measures for information disclosure vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66676

Trust: 0.6

sources: CNVD: CNVD-2016-13225 // JVNDB: JVNDB-2016-006478 // CNNVD: CNNVD-201612-655

EXTERNAL IDS

db: NVD, id: CVE-2016-6910

Trust: 3.3

db: BID, id: 95092

Trust: 2.7

db: JVNDB, id: JVNDB-2016-006478

Trust: 0.8

db: CNVD, id: CNVD-2016-13225

Trust: 0.6

db: CNNVD, id: CNNVD-201612-655

Trust: 0.6

sources: CNVD: CNVD-2016-13225 // BID: 95092 // JVNDB: JVNDB-2016-006478 // CNNVD: CNNVD-201612-655 // NVD: CVE-2016-6910

REFERENCES

url: http://www.kryptowire.com/disclosures/cve-2016-6910/factory_resets_and_obtaining_notifications_on_samsung_android_devices.pdf

Trust: 2.7

url: http://www.securityfocus.com/bid/95092

Trust: 2.4

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6910

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6910

Trust: 0.8

url: http://www.samsung.com/

Trust: 0.3

sources: CNVD: CNVD-2016-13225 // BID: 95092 // JVNDB: JVNDB-2016-006478 // CNNVD: CNNVD-201612-655 // NVD: CVE-2016-6910

CREDITS

Unknown.

Trust: 0.3

sources: BID: 95092

SOURCES

db: CNVD, id: CNVD-2016-13225
db: BID, id: 95092
db: JVNDB, id: JVNDB-2016-006478
db: CNNVD, id: CNNVD-201612-655
db: NVD, id: CVE-2016-6910

LAST UPDATE DATE

2025-04-13T23:39:30.402000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2016-13225, date: 2016-12-28T00:00:00
db: BID, id: 95092, date: 2017-01-12T01:04:00
db: JVNDB, id: JVNDB-2016-006478, date: 2017-01-04T00:00:00
db: CNNVD, id: CNNVD-201612-655, date: 2017-01-03T00:00:00
db: NVD, id: CVE-2016-6910, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2016-13225, date: 2016-12-28T00:00:00
db: BID, id: 95092, date: 2016-12-23T00:00:00
db: JVNDB, id: JVNDB-2016-006478, date: 2017-01-04T00:00:00
db: CNNVD, id: CNNVD-201612-655, date: 2016-12-26T00:00:00
db: NVD, id: CVE-2016-6910, date: 2016-12-23T16:59:00.147