High severity7.5NVD Advisory· Published Jun 7, 2017· Updated May 13, 2026

CVE-2015-7888

Description

Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create arbitrary files as the system-level user via a .. (dot dot) in the name of a file, compressed into a zipped file named cred.zip, and downloaded to /sdcard/Download.

Affected products

Samsung Mobile/Galaxy S6 Edge Firmware
cpe:2.3:o:samsung:galaxy_s6_edge_firmware:g925vvru1aoe2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/134104/Samsung-WifiHs20UtilityService-Path-Traversal.htmlnvdThird Party Advisory
www.securityfocus.com/bid/77338nvdThird Party AdvisoryVDB Entry
bugs.chromium.org/p/project-zero/issues/detailnvdIssue TrackingThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000