Improper Access Control in Samsung SCX-6x55X Printers
CVE-2021-42913

7.5HIGH

Key Information:

Vendor: Samsung
Status: Syncthru Web Service
Vendor: CVE Published:; 20 December 2021

Badges

👾 Exploit Exists

Summary

The SyncThru Web Service found on Samsung SCX-6x55X printers allows unauthorized access to sensitive information. Attackers can exploit this vulnerability to retrieve a list of SMB users and their cleartext passwords simply by reading the HTML source code. This security lapse means that no authentication is necessary, making it particularly critical for administrators to secure their devices against potential data leaks.

References

https://security.samsungmobile.com/securityUpdate.smsb

x_refsource_MISC

https://medium.com/%40windsormoreira/samsung-printer-scx-...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Dec 21, 2021
👾
Exploit known to exist
Dec 21, 2021
Vulnerability published
Dec 20, 2021
Vulnerability Reserved
Oct 25, 2021