CVE-2016-9567

MEDIUM

Samsung Mobile - Information Disclosure

Title source: rule

Description

The mDNIe system service on Samsung Mobile S7 devices with M(6.0) software does not properly restrict setmDNIeScreenCurtain API calls, enabling attackers to control a device's screen. This can be exploited via a crafted application to eavesdrop after phone shutdown or record a conversation. The Samsung ID is SVE-2016-6343.

References (2)

[Vendor Advisory] http://security.samsungmobile.com/smrupdate.html#SMR-NOV-2016

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/94494

Scores

CVSS v3 5.5

EPSS 0.0020

EPSS Percentile 41.5%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Classification

CWE

CWE-200

Status published

Affected Products (2)

samsung/samsung_mobile

n/a/n/a

Timeline

Published Nov 23, 2016

Tracked Since Feb 18, 2026