cvedb.io
CVE-2016-7991
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2016-10-31T10:59:08.147 · Last modified 2026-06-17T00:53:54.153

Summary

On Samsung Galaxy S4 through S7 devices, the "omacp" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and handled by the device, leading to unauthorized configuration changes, a subset of SVE-2016-6542.

Affected products

google — android

Does this affect you?

Add your gear to cvedb and we'll alert you only when google ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.