VYPR
High severity7.8NVD Advisory· Published Sep 11, 2016· Updated Jun 17, 2026

CVE-2016-3887

CVE-2016-3887

Description

providers/settings/SettingsProvider.java in Android 7.0 before 2016-09-01 does not properly enforce the DISALLOW_CONFIG_VPN setting, which allows attackers to bypass an intended always-on VPN state via a crafted application, aka internal bug 29899712.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Google/Android2 versions
    cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*
    • (no CPE)range: 7.0 before 2016-09-01

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.