PT-2015-7716 · Samsung · Samsung Smartviewer

Ariele Caltabiano

Published

2015-10-13

Updated

2016-11-28

CVE-2015-8040

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Samsung SmartViewer (affected versions not specified)

Description The issue concerns the rtsp getdlsendtime method in the CNC Ctrl control of Samsung SmartViewer, which allows remote attackers to execute arbitrary code via an index value. This can potentially lead to remote code execution.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2015-8040

ZDI-15-464

Affected Products

Samsung Smartviewer

PT-2015-7716 · Samsung · Samsung Smartviewer

CVE-2015-8040

Weakness Enumeration

Related Identifiers

Affected Products

References · 4