File Access Vulnerability in Web Viewer of Samsung SRN-1670D Devices
CVE-2015-8279

8.6HIGH

Key Information:

Vendor: Samsung
Status: Web Viewer
Vendor: CVE Published:; 15 January 2016

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 61%

Summary

The Web Viewer version 1.0.0.193 on Samsung SRN-1670D devices contains a vulnerability that enables remote attackers to exploit an unspecified PHP script. This flaw allows unauthorized users to read arbitrary files on the system, potentially exposing sensitive data to exploitation. It is critical for users of affected devices to implement security measures to mitigate this risk.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Metasploit exploit module for CVE-2015-8279
Created by Rapid7

References

https://www.kb.cert.org/vuls/id/913000

third-party-advisoryx_refsource_CERT-VN

EPSS Score

61% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

🟡
Public PoC available
Nov 12, 2017
👾
Exploit known to exist
Nov 12, 2017
Vulnerability published
Jan 15, 2016
Vulnerability Reserved
Nov 19, 2015