CVE-2017-16524

EPSS 30.3%

Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_upload.php' allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the file in the upload/ directory. To authenticate for this attack, one can obtain web-interface credentials in cleartext by leveraging the existing Local File Read Vulnerability referenced as CVE-2015-8279, which allows remote attackers to read the web-interface credentials via a request for the cslog_export.php?path=/root/php_modules/lighttpd/sbin/userpw URI.

Affected products

n/a · n/a

public PoCs found — 3

githubgithub.com/realistic-security/CVE-2017-16524★ 4 cve_referencewww.exploit-db.com/exploits/43138/unverified exploitdbwww.exploit-db.com/exploits/43138unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/realistic-security/CVE-2017-16524 https://www.exploit-db.com/exploits/43138/