4 matches found
Samsung SRN-1670D Web Viewer 1.0.0.193 Arbitrary File Read / Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'digest' class MetasploitModule 'Samsung SRN-1670D Web Viewer Version 1.0.0.193 Arbitrary File Read and Upload', 'Description' = %q This module exploits an...
Samsung SRN-1670D Web Viewer Version 1.0.0.193 Arbitrary File Read and Upload
Samsung NVR Recorder SRN-1670D is a high performance network video recorder. An arbitrary file upload vulnerability was found in the Web Viewer component, which could allow an authenticated user to upload a PHP payload to get code execution. Recent assessments: jvazquez-r7 at September 12, 2019...
Design/Logic Flaw
On Samsung NVR devices, remote attackers can read the MD5 password hash of the 'admin' account via certain szUserName JSON data to cgi-bin/main-cgi, and login to the device with that hash in the szUserPasswd parameter...
CVE-2017-14262
CVE-2017-14262 affects Samsung NVR devices. Remote attackers can read the MD5 hash of the admin password via szUserName JSON data sent to cgi-bin/main-cgi and then use that hash in szUserPasswd to log in. The vulnerability is network-exposed with high impact (confidentiality/integrity/availabilit...