Sign-up

ID

VAR-201711-0110


CVE

CVE-2017-16524


TITLE

Samsung SRN-1670D Run on device Web Viewer Vulnerable to unlimited upload of dangerous types of files

Trust: 0.8

sources: JVNDB: JVNDB-2017-010027

DESCRIPTION

Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_upload.php' allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the file in the upload/ directory. To authenticate for this attack, one can obtain web-interface credentials in cleartext by leveraging the existing Local File Read Vulnerability referenced as CVE-2015-8279, which allows remote attackers to read the web-interface credentials via a request for the cslog_export.php?path=/root/php_modules/lighttpd/sbin/userpw URI. Samsung SRN-1670D Run on device Web Viewer Contains an unlimited upload of dangerous types of files.Existing CVE-2015-8279 Exploiting vulnerabilities could result in information being obtained, information being tampered with, and denial of service (DoS) May be in a state. The SamsungSRN-1670D is a network video recorder product from South Korea's Samsung. WebViewer is one of the web browser components. There is an arbitrary file upload vulnerability in the WebViewer 1.0.0.193 version on the SamsungSRN-1670D device

Trust: 2.16

sources: NVD: CVE-2017-16524 // JVNDB: JVNDB-2017-010027 // CNVD: CNVD-2017-36363

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-36363

AFFECTED PRODUCTS

vendor:hanwhasecuritymodel:web viewerscope:eqversion:1.0.0.193

Trust: 1.6

vendor:samsungmodel:web viewerscope:eqversion:1.0.0.193

Trust: 0.8

vendor:samsungmodel:srn-1670dscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-36363 // JVNDB: JVNDB-2017-010027 // CNNVD: CNNVD-201711-181 // NVD: CVE-2017-16524

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-16524
value: HIGH

Trust: 1.0

NVD: CVE-2017-16524
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-36363
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201711-181
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2017-16524
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-36363
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-16524
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-36363 // JVNDB: JVNDB-2017-010027 // CNNVD: CNNVD-201711-181 // NVD: CVE-2017-16524

PROBLEMTYPE DATA

problemtype:CWE-434

Trust: 1.8

sources: JVNDB: JVNDB-2017-010027 // NVD: CVE-2017-16524

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-181

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201711-181

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010027

PATCH
title:Top Pageurl:http://www.hanwha-security.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2017-010027

EXTERNAL IDS
db:NVDid:CVE-2017-16524
Trust: 3.0
db:EXPLOIT-DBid:43138
Trust: 1.0
db:JVNDBid:JVNDB-2017-010027
Trust: 0.8
db:CNVDid:CNVD-2017-36363
Trust: 0.6
db:CNNVDid:CNNVD-201711-181
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-36363 // 
            
            
            
            JVNDB: JVNDB-2017-010027 // 
            
            
            
            CNNVD: CNNVD-201711-181 // 
            
            
            
            NVD: CVE-2017-16524

REFERENCES
url:https://github.com/realistic-security/cve-2017-16524
Trust: 3.0
url:https://www.exploit-db.com/exploits/43138/
Trust: 1.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16524
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-16524
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2017-36363 // 
            
            
            
            JVNDB: JVNDB-2017-010027 // 
            
            
            
            CNNVD: CNNVD-201711-181 // 
            
            
            
            NVD: CVE-2017-16524

SOURCES
db:CNVDid:CNVD-2017-36363
db:JVNDBid:JVNDB-2017-010027
db:CNNVDid:CNNVD-201711-181
db:NVDid:CVE-2017-16524

LAST UPDATE DATE
2025-04-20T23:34:16.728000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-36363date:2017-12-06T00:00:00
db:JVNDBid:JVNDB-2017-010027date:2017-11-30T00:00:00
db:CNNVDid:CNNVD-201711-181date:2017-11-08T00:00:00
db:NVDid:CVE-2017-16524date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-36363date:2017-12-06T00:00:00
db:JVNDBid:JVNDB-2017-010027date:2017-11-30T00:00:00
db:CNNVDid:CNNVD-201711-181date:2017-11-04T00:00:00
db:NVDid:CVE-2017-16524date:2017-11-06T08:29:00.220