CVE-2015-5473
Last modified
CVE-2015-5473 is a vulnerability of currently unknown severity. Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary files via unspecified parameters to (1) upload/updateDriver or (2) upload/addDriver or to execute arbitrary code with SYSTEM privileges via unspecified parameters to (3) uploadCloning.html, (4) fileupload.html, (5) uploadFirmware.html, or (6) upload/driver.. EPSS estimates a 12.63% chance of exploitation in the next 30 days.
Description
Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary files via unspecified parameters to (1) upload/updateDriver or (2) upload/addDriver or to execute arbitrary code with SYSTEM privileges via unspecified parameters to (3) uploadCloning.html, (4) fileupload.html, (5) uploadFirmware.html, or (6) upload/driver.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Samsung | Syncthru 6 | <= - |
References
- http://www.securityfocus.com/bid/75912Third Party Advisory, VDB Entry
- http://www.zerodayinitiative.com/advisories/ZDI-15-296Third Party Advisory, VDB Entry
- http://www.zerodayinitiative.com/advisories/ZDI-15-297Third Party Advisory, VDB Entry
- http://www.zerodayinitiative.com/advisories/ZDI-15-298Third Party Advisory, VDB Entry
- http://www.zerodayinitiative.com/advisories/ZDI-15-299Third Party Advisory, VDB Entry
- http://www.zerodayinitiative.com/advisories/ZDI-15-300Third Party Advisory, VDB Entry
- http://www.zerodayinitiative.com/advisories/ZDI-15-301Third Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/75912Third Party Advisory, VDB Entry
- http://www.zerodayinitiative.com/advisories/ZDI-15-296Third Party Advisory, VDB Entry
- http://www.zerodayinitiative.com/advisories/ZDI-15-297Third Party Advisory, VDB Entry
- http://www.zerodayinitiative.com/advisories/ZDI-15-298Third Party Advisory, VDB Entry
- http://www.zerodayinitiative.com/advisories/ZDI-15-299Third Party Advisory, VDB Entry
- http://www.zerodayinitiative.com/advisories/ZDI-15-300Third Party Advisory, VDB Entry
- http://www.zerodayinitiative.com/advisories/ZDI-15-301Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2015-5473?
How severe is CVE-2015-5473?
How do I fix CVE-2015-5473?
Are you affected by CVE-2015-5473?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST