CVE-2021-42913

Published: 20/12/2021 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

The SyncThru Web Service on Samsung SCX-6x55X printers allows a malicious user to gain access to a list of SMB users and cleartext passwords by reading the HTML source code. Authentication is not required.

Vulnerable Product

samsung syncthru_web_service -

Github Repositories

Webmin Local File Include (unauthenticated)

CVE-2021-42913: Webmin before 1290 and Usermin before 1220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "%01" sequences, which bypass the removal of "/" sequences before bytes such as "%01" are removed from the filename.

Samsung Printer SCX-6X55X Improper Access Control

CVE-2021-42913: Samsung Printer SCX-6X55X Improper Access Control. Samsung Printer SCX-6x55X Series SyncThru Web Service is affected by an improper access control vulnerability. The vulnerability can permit an attacker to gain access to a list of SMB users and passwords.
