File Access Vulnerability in Web Viewer of Samsung SRN-1670D Devices
CVE-2015-8279

8.6HIGH

Key Information:

Vendor: Samsung
Status: Web Viewer
Vendor: CVE Published:; 15 January 2016

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 52%

What is CVE-2015-8279?

The Web Viewer version 1.0.0.193 on Samsung SRN-1670D devices contains a vulnerability that enables remote attackers to exploit an unspecified PHP script. This flaw allows unauthorized users to read arbitrary files on the system, potentially exposing sensitive data to exploitation. It is critical for users of affected devices to implement security measures to mitigate this risk.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Metasploit exploit module for CVE-2015-8279
Created by Rapid7

References

https://www.kb.cert.org/vuls/id/913000

third-party-advisoryx_refsource_CERT-VN

EPSS Score

52% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Nov 12, 2017
👾
Exploit known to exist
Nov 12, 2017
Vulnerability published
Jan 15, 2016
Vulnerability Reserved
Nov 19, 2015