Cross-Site Request Forgery Vulnerability in Samsung Syncthru Web Service
CVE-2018-14908

8.8HIGH

Key Information:

Vendor: Samsung
Status: Syncthru Web Service
Vendor: CVE Published:; 3 August 2018

What is CVE-2018-14908?

The Samsung Syncthru Web Service V4.05.61 is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability that can be exploited on every request. This vulnerability allows an attacker to trick a user into executing unwanted actions without their consent, specifically through actions such as 'Print emails sent'. Proper security measures should be implemented to mitigate the risks associated with this vulnerability.

References

https://medium.com/stolabs/security-issues-on-samsung-syn...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 3, 2018
Vulnerability Reserved
Aug 3, 2018