Client-Side Remote Code Execution Vulnerability in Samsung Security Manager
CVE-2016-15046

8.6 HIGH

Key Information:

Vendor: Samsung

CVE Published: 25 July 2025

Badges

👾 Exploit Exists
🟡 Public PoC

What is CVE-2016-15046?

Samsung Security Manager versions 1.32 and 1.4 contain a client-side remote code execution vulnerability caused by improper restrictions on the PUT method exposed by the included Apache ActiveMQ instance on port 8161. By combining a Cross-Origin Resource Sharing (CORS) bypass with JavaScript-triggered file uploads, an attacker can execute arbitrary code with SYSTEM privileges. The vulnerability circumvents the server-side mitigations established in previous advisories by moving the attack vector to the client side, which poses a significant risk to users.

Affected Version(s)

Security Manager 1.32

Security Manager 1.4

CVSS V4

Score: 8.6
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Steven Seeley of Source Incite