메뉴 건너뛰기

XEDITION

cve

CVE-2017-16524

관리자 2017.11.09 04:00 조회 수 : 0

Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_upload.php' allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the file in the upload/ directory. To authenticate for this attack, one can obtain web-interface credentials in cleartext by leveraging the existing Local File Read Vulnerability referenced as CVE-2015-8279, which allows remote attackers to read the web-interface credentials via a request for the cslog_export.php?path=/root/php_modules/lighttpd/sbin/userpw URI.


원문출처 : https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16524
번호 제목 글쓴이 날짜 조회 수
377 CVE-2017-16636 관리자 2017.11.09 0
376 CVE-2017-14025 관리자 2017.11.09 0
375 CVE-2017-16635 관리자 2017.11.09 0
374 CVE-2017-14016 관리자 2017.11.09 0
373 CVE-2017-15306 관리자 2017.11.09 0
372 CVE-2015-7878 관리자 2017.11.09 0
371 CVE-2017-15672 관리자 2017.11.09 0
370 CVE-2015-7529 관리자 2017.11.09 0
369 CVE-2017-11177 관리자 2017.11.09 0
368 CVE-2017-7425 관리자 2017.11.09 0
367 CVE-2017-16001 관리자 2017.11.09 0
366 CVE-2017-16569 관리자 2017.11.09 0
365 CVE-2017-15039 관리자 2017.11.09 0
» CVE-2017-16524 관리자 2017.11.09 0
363 CVE-2017-16570 관리자 2017.11.09 0
위로