CVE-2016-2567

LOW

Samsung Galaxy S6 Firmware - Improper Input Validation

Title source: rule

Description

secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to bypass URL filtering by inserting an "exceptional URL" in the query string, as demonstrated by the http://should-have-been-filtered.example.com/?http://google.com URL.

References (1)

Core 1

Core References

Exploit, Technical Description, Third Party Advisory x_refsource_misc

https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0003

View Exploit ZIP pw:eip

Scores

CVSS v3 3.3

EPSS 0.0008

EPSS Percentile 23.3%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Details

CWE

CWE-20

Status published

Products (2)

samsung/galaxy_note_3_firmware n9005xxugbob6

samsung/galaxy_s6_firmware g920fxxu2coh2

Published Apr 13, 2017

Tracked Since Feb 18, 2026