
CVE-2017-16524

Administrator 2017.11.09 04:00 Views: 163

Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_upload.php' allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the file in the upload/ directory. To authenticate for this attack, one can obtain web-interface credentials in cleartext by leveraging the existing Local File Read Vulnerability referenced as CVE-2015-8279, which allows remote attackers to read the web-interface credentials via a request for the cslog_export.php?path=/root/php_modules/lighttpd/sbin/userpw URI.
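A defender can look for the request sequence described above in the device's web server access log. The following is an added example, not part of the advisory or of any vendor code: it assumes Common Log Format lines, and the client addresses, timestamps and the file names `cert.php` and `server.pem` are constructed sample data.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines; Common Log Format is an assumption about the log.
SAMPLE_LOG = """\
192.0.2.10 - - [09/Nov/2017:03:58:01 +0000] "GET /cslog_export.php?path=/root/php_modules/lighttpd/sbin/userpw HTTP/1.1" 200 64
192.0.2.10 - - [09/Nov/2017:03:58:40 +0000] "POST /network_ssl_upload.php HTTP/1.1" 200 12
192.0.2.10 - - [09/Nov/2017:03:58:55 +0000] "GET /upload/cert.php HTTP/1.1" 200 5
198.51.100.7 - - [09/Nov/2017:04:01:12 +0000] "GET /index.php HTTP/1.1" 200 2310
198.51.100.7 - - [09/Nov/2017:04:02:30 +0000] "POST /network_ssl_upload.php HTTP/1.1" 200 12
198.51.100.7 - - [09/Nov/2017:04:02:41 +0000] "GET /upload/server.pem HTTP/1.1" 200 1800
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def classify(method, target):
    """Return the stage of the described chain this request matches, or None."""
    url = urlsplit(target)
    path = unquote(url.path).lower()
    if path.endswith("/cslog_export.php"):
        # CVE-2015-8279: the path parameter names the credential file.
        wanted = parse_qs(url.query).get("path", [""])[0]
        if wanted.rstrip("/").endswith("userpw"):
            return "credential_read"
    if method == "POST" and path.endswith("/network_ssl_upload.php"):
        return "upload"
    # A PHP file served from upload/ is the execution step of CVE-2017-16524.
    if re.search(r"/upload/[^/]+\.php$", path):
        return "uploaded_php_request"
    return None

def scan(log_text):
    """Return {client: [stages in the order seen]} for clients matching any stage."""
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, method, target, _status = m.groups()
        stage = classify(method, target)
        if stage:
            hits.setdefault(client, []).append(stage)
    return hits

def full_chain(stages):
    """True when an upload is later followed by a request for a .php file in upload/."""
    return "upload" in stages and "uploaded_php_request" in stages[stages.index("upload"):]
```

An upload on its own, as from the second client, is normal certificate administration; the signal is an upload followed by a request for a `.php` file under `upload/`, or any read of the `userpw` file.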


Source: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16524