Lucene search
MitreCVELIST:CVE-2017-16524HistoryNov 06, 2017 - 8:00 a.m.
CVE-2017-16524
2017-11-0608:00:00
mitre
www.cve.org
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: ‘network_ssl_upload.php’ allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the file in the upload/ directory. To authenticate for this attack, one can obtain web-interface credentials in cleartext by leveraging the existing Local File Read Vulnerability referenced as CVE-2015-8279, which allows remote attackers to read the web-interface credentials via a request for the cslog_export.php?path=/root/php_modules/lighttpd/sbin/userpw URI.
Related
metasploit
metasploit
cve
cve
CVE-2017-16524
2017-11-06 08:29:00
CVE-2015-8279
2016-01-15 03:59:10
exploitpack
exploitpack
Web Viewer 1.0.0.193 (Samsung SRN-1670D) - Unrestricted File Upload
2017-11-13 00:00:00
nvd
nvd
CVE-2017-16524
2017-11-06 08:29:00
CVE-2015-8279
2016-01-15 03:59:10
packetstorm
packetstorm
Samsung SRN-1670D Web Viewer 1.0.0.193 Arbitrary File Read / Upload
2018-01-11 00:00:00
Web Viewer 1.0.0.193 (Samsung SRN-1670D) File Upload
2017-11-13 00:00:00
prion
prion
Unrestricted file upload
2017-11-06 08:29:00
Design/Logic Flaw
2016-01-15 03:59:00
attackerkb
attackerkb
exploitdb
exploitdb
Web Viewer 1.0.0.193 (Samsung SRN-1670D) - Unrestricted File Upload
2017-11-13 00:00:00
openvas
openvas
Samsung SRN-1670D Multiple Vulnerabilities
2017-11-16 00:00:00
zdt
zdt
Web Viewer 1.0.0.193 (Samsung SRN-1670D) - Unrestricted File Upload Exploit
2017-11-13 00:00:00
cvelist
cvelist
CVE-2015-8279
2016-01-15 02:00:00
cert
cert
Samsung SRN-1670D camera contains multiple vulnerabilities
2016-01-12 00:00:00