CVE-2012-4330
published 2012-08-14

Priority: P343, high
CVSS 2.0: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
EXPLOIT
EPSS: 13.88% (96.1th percentile)
The Samsung D6000 TV and possibly other products allow remote attackers to cause a denial of service (crash) via a long string in certain fields, as demonstrated by the MAC address field, possibly a buffer overflow.

Detection & IOCs (extracted from sources)

port: 55000/TCP
url: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/18751.zip
url: http://aluigi.org/poc/samsux_1.zip
  • Monitor TCP port 55000 for oversized or malformed remote controller packets, particularly those with abnormally long MAC address or name string fields, which are the attack vectors for the DoS/buffer-overflow.
  • Alert on remote controller packets sent to TCP/55000 containing line feed or other non-printable/invalid characters in the controller name string field, which triggers the endless restart loop.
  • The Samsung remote control protocol on TCP/55000 is enabled by default and exposes the device to unauthenticated network attackers; detect unexpected connections to this port from non-approved hosts.
  • Over 40 TCP ports are opened by default on affected Samsung TV devices; broad port scanning of Samsung TV IPs may indicate reconnaissance prior to exploitation.
  • Affected devices include Samsung TVs (2010 Internet@TV models LCD 650+, LED 6500+, PDP 6500+) and 2011 AllShare models, as well as BD players; the researcher only confirmed exploitation on a D6000 TV with latest firmware.
  • No vendor fix was available at time of disclosure; Samsung had no published security contact address for vulnerability reporting.
  • The endless-restart DoS requires user interaction (selecting allow/deny on the TV screen) to trigger, but the buffer-overflow crash via long MAC address field does not appear to require user interaction.

CVSS provenance

nvd: v2.0, 7.8 HIGH, AV:N/AC:L/Au:N/C:N/I:N/A:C
vendor_redhat: 7.2 HIGH