CVE-2012-4329
published 2012-08-14CVE-2012-4329: The Samsung D6000 TV and possibly other products allow remote attackers to cause a denial of service (continuous restart) via a crafted controller name.
PriorityP342high7.8CVSS 2.0
AVNACLAuNCNINAC
EXPLOIT
EPSS
13.34%
95.9th percentile
The Samsung D6000 TV and possibly other products allow remote attackers to cause a denial of service (continuous restart) via a crafted controller name.
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor TCP port 55000 for inbound controller registration packets containing line feed characters (0x0A) or other non-printable/invalid characters in the controller name field, which triggers the endless-restart DoS condition. ↗
- →Alert on unusually long strings in the MAC address field of Samsung remote-controller packets on TCP/55000, which may indicate an attempted buffer-overflow (Bug B). ↗
- →The remote-controller feature is enabled by default and the device exposes over 40 TCP ports; network-level blocking of TCP 55000 from untrusted hosts is a key mitigation/detection chokepoint. ↗
- ·Exploitation requires only network adjacency (Ethernet/Wi-Fi); no authentication is needed, making any host on the same LAN/WLAN a potential attacker. ↗
- ·The DoS is persistent across reboots and cannot be self-recovered by the end user; recovery requires manual intervention via service mode, so detection/blocking before the user accepts the allow/deny prompt is critical. ↗
- ·Affected device scope is broad: Samsung TVs (2010 Internet@TV ≥ LCD 650/LED 6500/PDP 6500, 2011 AllShare ≥ LCD 550/LED 5500/PDP 5500) and BD players (2011 Smart Hub ≥ D5300/D5000, D7000, D6900/8200/8500/8900); all tested with latest firmware at time of disclosure. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Samsung NET-i ware 1.37 - Multiple Vulnerabilities
exploitdb·2012-04-22
CVE-2012-4335 Samsung NET-i ware 1.37 - Multiple Vulnerabilities
Samsung NET-i ware 1.37 - Multiple Vulnerabilities
---
#######################################################################
Luigi Auriemma
Application: Samsung NET-i ware
http://www.samsungsecurity.com/product/product_view.asp?idx=6447
http://www.samsungsecurity.com/product/product_view.asp?idx=5828
Versions: <= 1.37
Platforms: Windows
Bugs: A] Endless loop in remote services
B] Code execution in ConnectDDNS ActiveX
C] Stack overflow in BackupToAvi ActiveX
Exploitation: remote
Date: 21 Apr 2012
Author: Luigi Auriemma
e-mail: [email protected]
web: aluigi.org
#######################################################################
1) Introduction
2) Bugs
3) The Code
4) Fix
#######################################################################
1) Introduction
"Recording so
Exploit-DB
Samsung D6000 TV - Multiple Vulnerabilities
exploitdb·2012-04-19
CVE-2012-4330 Samsung D6000 TV - Multiple Vulnerabilities
Samsung D6000 TV - Multiple Vulnerabilities
---
#######################################################################
Luigi Auriemma
Application: Samsung devices with support for remote controllers
http://www.samsung.com
Versions: current
Platforms: the vulnerable protocol is used on both TV and blue-ray
devices so both of them should be vulnerable (my tests
were performed only on a D6000 TV with the latest
firmware); the following are the products listed on the
iTunes section of the app but note that I have NOT
tested them:
- TV released in 2010 with Internet@TV feature
Models greater than or equal to LCD 650, LED 6500 and PDP 6500
- TV released in 2011 with AllShare feature
Models greater than or equal to LCD 550, LED 5500 and PDP 5500
- BD released in 2011 with Smart Hub feature
M
No writeups or analysis indexed.
http://aluigi.org/adv/samsux_1-adv.txthttp://archives.neohapsis.com/archives/bugtraq/2012-04/0142.htmlhttp://www.exploit-db.com/exploits/18751http://www.osvdb.org/81221http://www.securityfocus.com/bid/53161http://www.securitytracker.com/id?1026976https://exchange.xforce.ibmcloud.com/vulnerabilities/74927http://aluigi.org/adv/samsux_1-adv.txthttp://archives.neohapsis.com/archives/bugtraq/2012-04/0142.htmlhttp://www.exploit-db.com/exploits/18751http://www.osvdb.org/81221http://www.securityfocus.com/bid/53161http://www.securitytracker.com/id?1026976https://exchange.xforce.ibmcloud.com/vulnerabilities/74927
2012-08-14
Published