VAR-201706-0165
Vulnerability from variot - Updated: 2025-04-20 23:19
Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary files via unspecified parameters to (1) upload/updateDriver or (2) upload/addDriver, or to execute arbitrary code with SYSTEM privileges via unspecified parameters to (3) uploadCloning.html, (4) fileupload.html, (5) uploadFirmware.html, or (6) upload/driver. By default, authentication is not required to exploit this vulnerability. The specific flaw exists within the FileUploadController servlet exposed by uploadFirmware.html. The issue lies in the failure to sanitize the path of uploaded files, allowing them to be placed anywhere on the server. An attacker can leverage this vulnerability to execute arbitrary code as SYSTEM. An attacker could use this to create a denial-of-service condition. Samsung SyncThru is printer management software from South Korea's Samsung. A directory traversal vulnerability exists in Samsung SyncThru.
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "syncthru",
"scope": null,
"trust": 4.8,
"vendor": "samsung",
"version": null
},
{
"_id": null,
"model": "syncthru 6",
"scope": "lte",
"trust": 1.0,
"vendor": "samsung",
"version": null
},
{
"_id": null,
"model": "syncthru 6",
"scope": "lt",
"trust": 0.8,
"vendor": "samsung",
"version": "1.0"
},
{
"_id": null,
"model": "syncthru 6",
"scope": "eq",
"trust": 0.6,
"vendor": "samsung",
"version": null
},
{
"_id": null,
"model": "syncthru",
"scope": "eq",
"trust": 0.3,
"vendor": "samsung",
"version": "0"
},
{
"_id": null,
"model": "syncthru",
"scope": "ne",
"trust": 0.3,
"vendor": "samsung",
"version": "61.0"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-299"
},
{
"db": "ZDI",
"id": "ZDI-15-297"
},
{
"db": "ZDI",
"id": "ZDI-15-298"
},
{
"db": "ZDI",
"id": "ZDI-15-296"
},
{
"db": "ZDI",
"id": "ZDI-15-300"
},
{
"db": "ZDI",
"id": "ZDI-15-301"
},
{
"db": "CNVD",
"id": "CNVD-2015-04924"
},
{
"db": "BID",
"id": "75912"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007582"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-676"
},
{
"db": "NVD",
"id": "CVE-2015-5473"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:samsung:syncthru_6",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007582"
}
]
},
"credits": {
"_id": null,
"data": "Andrea Micalizzi (rgod)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-299"
},
{
"db": "ZDI",
"id": "ZDI-15-297"
},
{
"db": "ZDI",
"id": "ZDI-15-298"
},
{
"db": "ZDI",
"id": "ZDI-15-296"
},
{
"db": "ZDI",
"id": "ZDI-15-300"
},
{
"db": "ZDI",
"id": "ZDI-15-301"
},
{
"db": "BID",
"id": "75912"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-676"
}
],
"trust": 5.1
},
"cve": "CVE-2015-5473",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-5473",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 3.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-5473",
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 1.4,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2015-5473",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-04924",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2015-5473",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2015-5473",
"trust": 4.2,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2015-5473",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2015-5473",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2015-04924",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201507-676",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-299"
},
{
"db": "ZDI",
"id": "ZDI-15-297"
},
{
"db": "ZDI",
"id": "ZDI-15-298"
},
{
"db": "ZDI",
"id": "ZDI-15-296"
},
{
"db": "ZDI",
"id": "ZDI-15-300"
},
{
"db": "ZDI",
"id": "ZDI-15-301"
},
{
"db": "CNVD",
"id": "CNVD-2015-04924"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007582"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-676"
},
{
"db": "NVD",
"id": "CVE-2015-5473"
}
]
},
"description": {
"_id": null,
"data": "Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary files via unspecified parameters to (1) upload/updateDriver or (2) upload/addDriver or to execute arbitrary code with SYSTEM privileges via unspecified parameters to (3) uploadCloning.html, (4) fileupload.html, (5) uploadFirmware.html, or (6) upload/driver. By default, authentication is not required to exploit this vulnerability. The specific flaw exists within the FileUploadController servlet exposed by uploadFirmware.html. The issue lies in the failure to sanitize the path of files uploaded, allowing for them to be placed anywhere on the server. An attacker can leverage this vulnerability to execute arbitrary code as SYSTEM. An attacker could use this to create denial-of-service condition. Samsung SyncThru is a printer management software from South Korea\u0027s Samsung. A directory traversal vulnerability exists in Samsung SyncThru",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5473"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007582"
},
{
"db": "ZDI",
"id": "ZDI-15-299"
},
{
"db": "ZDI",
"id": "ZDI-15-297"
},
{
"db": "ZDI",
"id": "ZDI-15-298"
},
{
"db": "ZDI",
"id": "ZDI-15-296"
},
{
"db": "ZDI",
"id": "ZDI-15-300"
},
{
"db": "ZDI",
"id": "ZDI-15-301"
},
{
"db": "CNVD",
"id": "CNVD-2015-04924"
},
{
"db": "BID",
"id": "75912"
}
],
"trust": 6.21
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2015-5473",
"trust": 7.5
},
{
"db": "BID",
"id": "75912",
"trust": 3.3
},
{
"db": "ZDI",
"id": "ZDI-15-299",
"trust": 2.6
},
{
"db": "ZDI",
"id": "ZDI-15-297",
"trust": 2.6
},
{
"db": "ZDI",
"id": "ZDI-15-298",
"trust": 2.6
},
{
"db": "ZDI",
"id": "ZDI-15-296",
"trust": 2.6
},
{
"db": "ZDI",
"id": "ZDI-15-300",
"trust": 2.6
},
{
"db": "ZDI",
"id": "ZDI-15-301",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007582",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2582",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2584",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2583",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2587",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2585",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2586",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-04924",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201507-676",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-299"
},
{
"db": "ZDI",
"id": "ZDI-15-297"
},
{
"db": "ZDI",
"id": "ZDI-15-298"
},
{
"db": "ZDI",
"id": "ZDI-15-296"
},
{
"db": "ZDI",
"id": "ZDI-15-300"
},
{
"db": "ZDI",
"id": "ZDI-15-301"
},
{
"db": "CNVD",
"id": "CNVD-2015-04924"
},
{
"db": "BID",
"id": "75912"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007582"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-676"
},
{
"db": "NVD",
"id": "CVE-2015-5473"
}
]
},
"id": "VAR-201706-0165",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04924"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04924"
}
]
},
"last_update_date": "2025-04-20T23:19:56.615000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.samsung.com/uk/business/"
},
{
"title": "Samsung SyncThru directory traversal vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/61316"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04924"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007582"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007582"
},
{
"db": "NVD",
"id": "CVE-2015-5473"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.0,
"url": "http://www.securityfocus.com/bid/75912"
},
{
"trust": 1.6,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-296"
},
{
"trust": 1.6,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-297"
},
{
"trust": 1.6,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-298"
},
{
"trust": 1.6,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-299"
},
{
"trust": 1.6,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-300"
},
{
"trust": 1.6,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-301"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5473"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5473"
},
{
"trust": 0.3,
"url": "http://www.samsung.com/ie/business/solutions-services/printing-solutions/device-management/syncthru-admin-6"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-301/"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-300/"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-297/"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-298/"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-299/"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-296/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04924"
},
{
"db": "BID",
"id": "75912"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007582"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-676"
},
{
"db": "NVD",
"id": "CVE-2015-5473"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-15-299",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-15-297",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-15-298",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-15-296",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-15-300",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-15-301",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2015-04924",
"ident": null
},
{
"db": "BID",
"id": "75912",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007582",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201507-676",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2015-5473",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2015-07-13T00:00:00",
"db": "ZDI",
"id": "ZDI-15-299",
"ident": null
},
{
"date": "2015-07-13T00:00:00",
"db": "ZDI",
"id": "ZDI-15-297",
"ident": null
},
{
"date": "2015-07-13T00:00:00",
"db": "ZDI",
"id": "ZDI-15-298",
"ident": null
},
{
"date": "2015-07-13T00:00:00",
"db": "ZDI",
"id": "ZDI-15-296",
"ident": null
},
{
"date": "2015-07-13T00:00:00",
"db": "ZDI",
"id": "ZDI-15-300",
"ident": null
},
{
"date": "2015-07-13T00:00:00",
"db": "ZDI",
"id": "ZDI-15-301",
"ident": null
},
{
"date": "2015-07-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04924",
"ident": null
},
{
"date": "2015-07-13T00:00:00",
"db": "BID",
"id": "75912",
"ident": null
},
{
"date": "2017-07-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007582",
"ident": null
},
{
"date": "2015-07-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-676",
"ident": null
},
{
"date": "2017-06-01T16:29:00.263000",
"db": "NVD",
"id": "CVE-2015-5473",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2015-07-13T00:00:00",
"db": "ZDI",
"id": "ZDI-15-299",
"ident": null
},
{
"date": "2015-07-13T00:00:00",
"db": "ZDI",
"id": "ZDI-15-297",
"ident": null
},
{
"date": "2015-07-13T00:00:00",
"db": "ZDI",
"id": "ZDI-15-298",
"ident": null
},
{
"date": "2015-07-13T00:00:00",
"db": "ZDI",
"id": "ZDI-15-296",
"ident": null
},
{
"date": "2015-07-13T00:00:00",
"db": "ZDI",
"id": "ZDI-15-300",
"ident": null
},
{
"date": "2015-07-13T00:00:00",
"db": "ZDI",
"id": "ZDI-15-301",
"ident": null
},
{
"date": "2015-07-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04924",
"ident": null
},
{
"date": "2015-07-13T00:00:00",
"db": "BID",
"id": "75912",
"ident": null
},
{
"date": "2017-07-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007582",
"ident": null
},
{
"date": "2017-06-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-676",
"ident": null
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2015-5473",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-676"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Samsung SyncThru FileUploadController Directory Traversal Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-299"
},
{
"db": "ZDI",
"id": "ZDI-15-297"
},
{
"db": "ZDI",
"id": "ZDI-15-298"
}
],
"trust": 2.1
},
"type": {
"_id": null,
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-676"
}
],
"trust": 0.6
}
}