CVE-2015-8279

Published: 15/01/2016 Updated: 20/01/2016
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 8.6 | Impact Score: 4 | Exploitability Score: 3.9
VMScore: 540
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote malicious users to read arbitrary files via a request to an unspecified PHP script.

Mailing Lists

Web Viewer version 1.0.0.193 on Samsung SRN-1670D suffers from an unrestricted file upload vulnerability ...
This Metasploit module exploits an unrestricted file upload vulnerability in Web Viewer 1.0.0.193 on Samsung SRN-1670D devices. The network_ssl_upload.php file allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the file in the upload/ di ...

Metasploit Modules

Samsung SRN-1670D Web Viewer Version 1.0.0.193 Arbitrary File Read and Upload

This module exploits an unrestricted file upload vulnerability in Web Viewer 1.0.0.193 on Samsung SRN-1670D devices. The network_ssl_upload.php file allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the file in the upload/ directory. To authenticate for this attack, one can obtain the web-interface credentials in cleartext by leveraging the existing local file read vulnerability referenced by CVE-2015-8279, which allows remote attackers to read those credentials by sending a request to the URI cslog_export.php?path=/root/php_modules/lighttpd/sbin/userpw.

msf > use exploit/linux/http/samsung_srv_1670d_upload_exec
msf exploit(samsung_srv_1670d_upload_exec) > show targets
    ...targets...
msf exploit(samsung_srv_1670d_upload_exec) > set TARGET <target-id>
msf exploit(samsung_srv_1670d_upload_exec) > show options
    ...show and set options...
msf exploit(samsung_srv_1670d_upload_exec) > exploit