Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_upload.php' allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the file in the upload/ directory. To authenticate for this attack, one can obtain web-interface credentials in cleartext by leveraging the existing Local File Read Vulnerability referenced as CVE-2015-8279, which allows remote attackers to read the web-interface credentials via a request for the cslog_export.php?path=/root/php_modules/lighttpd/sbin/userpw URI.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Samsung SRN-1670D Web Viewer 安全漏洞
Vulnerability Description
Samsung SRN-1670D是韩国三星(Samsung)公司的一款网络视频录像机产品。Web Viewer是其中的一个Web浏览器组件。 Samsung SRN-1670D设备上的Web Viewer 1.0.0.193版本中存在任意文件上传漏洞。远程攻击者可借助带有.php扩展的文件名利用该漏洞上传和执行任意PHP代码。
CVSS Information
N/A
Vulnerability Type
N/A