cbcvebase.
CVE-2012-4329
published 2012-08-14

CVE-2012-4329: The Samsung D6000 TV and possibly other products allow remote attackers to cause a denial of service (continuous restart) via a crafted controller name.

PriorityP342high7.8CVSS 2.0
AVNACLAuNCNINAC
EXPLOIT
EPSS
13.34%
95.9th percentile
The Samsung D6000 TV and possibly other products allow remote attackers to cause a denial of service (continuous restart) via a crafted controller name.

Detection & IOCsextracted from sources · hover to see the quote

port55000/tcp
urlhttps://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/18751.zip
urlhttp://aluigi.org/poc/samsux_1.zip
  • Monitor TCP port 55000 for inbound controller registration packets containing line feed characters (0x0A) or other non-printable/invalid characters in the controller name field, which triggers the endless-restart DoS condition.
  • Alert on unusually long strings in the MAC address field of Samsung remote-controller packets on TCP/55000, which may indicate an attempted buffer-overflow (Bug B).
  • The remote-controller feature is enabled by default and the device exposes over 40 TCP ports; network-level blocking of TCP 55000 from untrusted hosts is a key mitigation/detection chokepoint.
  • ·Exploitation requires only network adjacency (Ethernet/Wi-Fi); no authentication is needed, making any host on the same LAN/WLAN a potential attacker.
  • ·The DoS is persistent across reboots and cannot be self-recovered by the end user; recovery requires manual intervention via service mode, so detection/blocking before the user accepts the allow/deny prompt is critical.
  • ·Affected device scope is broad: Samsung TVs (2010 Internet@TV ≥ LCD 650/LED 6500/PDP 6500, 2011 AllShare ≥ LCD 550/LED 5500/PDP 5500) and BD players (2011 Smart Hub ≥ D5300/D5000, D7000, D6900/8200/8500/8900); all tested with latest firmware at time of disclosure.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.