CVE-2004-2626

Siemens S55 - Unauthenticated SMS Spoofing via GUI Overlay


Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2626. PoCs published by FtR.

AI-analyzed exploit summary: This exploit demonstrates a race condition vulnerability in Siemens S55 phones, allowing SMS messages to be sent without user confirmation. The PoC uses the Siemens-specific SMS API to send an SMS in the background while displaying distracting UI elements.

Description

GUI overlay vulnerability in the Java API in Siemens S55 cellular phones allows remote attackers to send unauthorized SMS messages by overlaying a confirmation message with a malicious message.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by FtR · java · remote · hardware
https://www.exploit-db.com/exploits/24065

Classification: Working PoC 90%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Racy
Target: Siemens S55 (and potentially other Siemens mobile phones with similar firmware)
No auth needed
Prerequisites: Physical or remote installation of the malicious MIDlet on the target device · Target device must be a vulnerable Siemens model
devstral-2 · analyzed Feb 16, 2026

References (7)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/10227
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/5703
Mailing List mailing-list x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=108308895624565&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15995
Mailing List mailing-list x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=108325033624812&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/alerts/2004/Apr/1009959.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/11492

Scores

EPSS 0.0342
EPSS Percentile 87.4%

Details

Status published
Products (1)
siemens/s55 09.2179
Published Dec 31, 2004
Tracked Since Feb 18, 2026