PT-2025-31212 · Hanwha Techwin · Hanwha Techwin Smart Security Manager
Published: 2025-07-25 · Updated: 2025-07-30 · CVE-2016-15046
CVSS v4.0: 8.6 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
Hanwha Techwin Smart Security Manager (SSM) versions 1.32 and 1.4
Description
A client-side remote code execution issue exists due to improper restrictions on the PUT method exposed by the bundled Apache ActiveMQ instance (running on port 8161). An attacker can exploit this flaw through a Cross-Origin Resource Sharing (CORS) bypass combined with JavaScript-triggered file uploads to the web server, resulting in arbitrary code execution with SYSTEM privileges. This bypasses the server-side mitigations introduced for ZDI-15-156 and ZDI-16-481 by shifting exploitation to the client side.
Recommendations
Update to a newer version of Hanwha Wisenet SSM to address this issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
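Since no fixed version is known, monitoring for the pattern in the description is a practical control. The following is an added detection example, not part of the advisory or of any vendor tooling: it flags HTTP PUT requests to port 8161 and separates browser-driven cross-origin writes from other clients. The JSON-lines log layout, the field names and all sample records are constructed assumptions.

```python
import json
from urllib.parse import urlsplit

ACTIVEMQ_WEB_PORT = 8161  # ActiveMQ web port named in the advisory

# Constructed sample records; the JSON-lines layout and field names are assumptions.
SAMPLE_LOG = """\
{"ts":"2025-07-28T09:14:02Z","src":"10.0.4.21","dst_host":"ssm01.example.internal","dst_port":8161,"method":"GET","origin":null}
{"ts":"2025-07-28T09:14:07Z","src":"10.0.4.21","dst_host":"ssm01.example.internal","dst_port":8161,"method":"PUT","origin":"https://portal.example.net"}
{"ts":"2025-07-28T09:15:40Z","src":"10.0.4.33","dst_host":"ssm01.example.internal","dst_port":8161,"method":"PUT","origin":"null"}
{"ts":"2025-07-28T09:16:11Z","src":"10.0.4.50","dst_host":"ssm01.example.internal","dst_port":8161,"method":"PUT","origin":null}
{"ts":"2025-07-28T09:17:30Z","src":"10.0.4.21","dst_host":"ssm01.example.internal","dst_port":8161,"method":"PUT","origin":"http://ssm01.example.internal:8161"}
{"ts":"2025-07-28T09:18:02Z","src":"10.0.4.21","dst_host":"files.example.internal","dst_port":443,"method":"PUT","origin":"https://portal.example.net"}
"""


def classify(rec):
    """Return a verdict for PUT requests to the ActiveMQ web port, else None."""
    if rec.get("method", "").upper() != "PUT" or rec.get("dst_port") != ACTIVEMQ_WEB_PORT:
        return None
    origin = rec.get("origin")
    if origin is None:
        return "put-no-origin"      # no Origin header: non-browser client, review separately
    if origin == "null":
        return "put-cross-origin"   # opaque origin (sandboxed frame, local file)
    parts = urlsplit(origin)
    default_port = {"http": 80, "https": 443}.get(parts.scheme)
    same_host = (parts.hostname or "").lower() == rec.get("dst_host", "").lower()
    same_port = (parts.port or default_port) == rec["dst_port"]
    return "put-same-origin" if same_host and same_port else "put-cross-origin"


def scan(log_text):
    """Return (ts, src, verdict) for every record that classify() flags."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        verdict = classify(rec)
        if verdict:
            hits.append((rec["ts"], rec["src"], verdict))
    return hits


if __name__ == "__main__":
    for ts, src, verdict in scan(SAMPLE_LOG):
        print(ts, src, verdict)
```

A `put-cross-origin` hit means a page served from another site caused the browser to send the write, which is the client-side pattern the description refers to; the other two verdicts are still worth reviewing on hosts where nothing should be writing to that port.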
RCE
Missing Authentication
Unrestricted File Upload
Affected Products
Apache ActiveMQ
Hanwha Techwin Smart Security Manager