Vulnerability Note VU#913000
Samsung SRN-1670D camera contains multiple vulnerabilities
The Samsung SRN-1670D camera contains multiple vulnerabilities.
CWE-264: Permissions, Privileges, and Access Controls - CVE-2015-8279
An undocumented PHP request may be used to read arbitrary files from the system.
An unauthenticated remote attacker may access arbitrary files on the device, and learn user credentials.
The CERT/CC is currently unaware of a practical solution to this problem.
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Hanwha||Affected||09 Nov 2015||25 Jan 2016|
|Samsung Mobile||Unknown||09 Nov 2015||09 Nov 2015|
CVSS Metrics (Learn More)
Thanks to Aristide Fattori, Luca Giancane and Roberto Paleari for reporting this vulnerability.
This document was written by Garret Wassermann.
- CVE IDs: CVE-2015-8279 CVE-2015-8280 CVE-2015-8281
- Date Public: 11 Jan 2016
- Date First Published: 12 Jan 2016
- Date Last Updated: 25 Jan 2016
- Document Revision: 24
If you have feedback, comments, or additional information about this vulnerability, please send us email.