CVE-2015-7888
Severity Level: High
AppRisk Coverage: Yes
Type: Vulnerability
OWASP: M4: Unintended Data Leakage
Aliases:
- Samsung Galaxy S6 Directory Traversal Vulnerability
- SVE-2015-4649
Platform: Android
File size (bytes): N/A
Filename: N/A
App title: N/A
MD5 Hash: N/A
SHA1 hash: N/A
Affected CVE:
- CVE-2015-7888
Details or analysis:
This is a directory traversal vulnerability in Samsung Galaxy S6 mobile devices running Android OS 4.4 and above. The vulnerability exists because the service “WifiHS20UtilityService” reads any file written to “/sdcard/Download/cred.zip” and unzips it into “/data/bundle” on the device.
An attacker or malicious application could exploit this vulnerability, resulting in the execution of arbitrary code.
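The check an extractor needs before it unzips an untrusted archive into a fixed directory, as an added example that is not Samsung's code or part of the original entry. It assumes the traversal comes from archive entry names that resolve outside the destination (the entry above does not spell this out); the function names and the sample archive are constructed for illustration.

```python
import io
import posixpath
import zipfile

DEST = "/data/bundle"  # extraction directory named in the entry above


def resolve_entry(dest, name):
    """Return the normalized path an entry would land on, or None if it leaves dest."""
    # Zip names use '/'; treat '\\' as a separator too, since some extractors do.
    name = name.replace("\\", "/")
    root = posixpath.normpath(dest)
    # join() discards dest when name is absolute, so absolute names fail the check below.
    target = posixpath.normpath(posixpath.join(root, name))
    # Compare against root + "/" so a sibling such as /data/bundle2 does not pass.
    if target == root or target.startswith(root + "/"):
        return target
    return None


def audit_archive(data, dest=DEST):
    """Split entry names into (safe, rejected) without extracting anything."""
    safe, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            ok = resolve_entry(dest, info.filename) is not None
            (safe if ok else rejected).append(info.filename)
    return safe, rejected


def build_sample():
    """Constructed sample archive: one ordinary entry and two that climb out of dest."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("cred/profile.conf", "constructed")
        zf.writestr("../../data/constructed_target.txt", "constructed")
        zf.writestr("cred/../../escape.txt", "constructed")
    return buf.getvalue()


if __name__ == "__main__":
    safe, rejected = audit_archive(build_sample())
    print("safe:", safe)
    print("rejected:", rejected)
```

An extractor that applies this check would refuse the whole archive when the rejected list is non-empty, rather than extracting only the safe entries.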