메뉴 건너뛰기

GREATUSER

cve

CVE-2017-16524

관리자 2017.11.09 04:00 조회 수 : 163

Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_upload.php' allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the file in the upload/ directory. To authenticate for this attack, one can obtain web-interface credentials in cleartext by leveraging the existing Local File Read Vulnerability referenced as CVE-2015-8279, which allows remote attackers to read the web-interface credentials via a request for the cslog_export.php?path=/root/php_modules/lighttpd/sbin/userpw URI.


원문출처 : https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16524
번호 제목 글쓴이 날짜 조회 수
542 CVE-2018-1000013 관리자 2018.01.25 147
541 CVE-2018-1000011 관리자 2018.01.25 169
540 CVE-2018-1000010 관리자 2018.01.25 190
539 CVE-2018-1000009 관리자 2018.01.25 171
538 CVE-2018-1000008 관리자 2018.01.25 209
537 CVE-2018-6029 관리자 2018.01.25 137
536 CVE-2017-18048 관리자 2018.01.25 146
535 CVE-2018-6022 관리자 2018.01.25 224
534 CVE-2017-18049 관리자 2018.01.25 207
533 CVE-2017-17406 관리자 2018.01.25 197
532 CVE-2017-17407 관리자 2018.01.25 164
531 CVE-2017-16610 관리자 2018.01.25 173
530 CVE-2017-16606 관리자 2018.01.25 212
529 CVE-2017-16604 관리자 2018.01.25 197
528 CVE-2017-16607 관리자 2018.01.25 189
위로