CVE-2016-2060

high

Description

server/TetherController.cpp in the tethering controller in netd, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly validate upstream interface names, which allows attackers to bypass intended access restrictions via a crafted application.

References

https://www.codeaurora.org/improper-input-validation-tethering-controller-netd-cve-2016-2060-0

http://source.android.com/security/bulletin/2016-05-01.html

Details

Source: Mitre, NVD

Published: 2016-05-09

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00029