OMACP App Vulnerability: Remote Unauthorized Configuration Changes on Samsung Galaxy S4-S7 (SVE-2016-6542 Subset)

OMACP App Vulnerability: Remote Unauthorized Configuration Changes on Samsung Galaxy S4-S7 (SVE-2016-6542 Subset)

CVE-2016-7991 · HIGH Severity

AV:N/AC:L/AU:N/C:N/I:C/A:N

On Samsung Galaxy S4 through S7 devices, the "omacp" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and handled by the device, leading to unauthorized configuration changes, a subset of SVE-2016-6542.

Learn more about our Web Application Penetration Testing UK.