VYPR

Smartviewer

by Samsung Mobile

CVEs (8)

  • CVE-2018-11689MedJun 14, 2018
    risk 0.40cvss 6.1epss 0.02

    Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewer_login_page data3 parameter. (The same Web Viewer codebase was transitioned from Samsung to Hanwha.)

  • CVE-2013-3585Aug 28, 2013
    risk 0.05cvss epss 0.24

    Samsung Web Viewer for Samsung DVR devices stores credentials in cleartext, which allows context-dependent attackers to obtain sensitive information via vectors involving (1) direct access to a file or (2) the user-setup web page.

  • CVE-2013-3586Aug 28, 2013
    risk 0.04cvss epss 0.12

    Samsung Web Viewer for Samsung DVR devices allows remote attackers to bypass authentication via an arbitrary SessionID value in a cookie.

  • CVE-2014-9265Dec 8, 2014
    risk 0.03cvss epss 0.04

    Stack-based buffer overflow in the BackupToAvi method in the CNC_Ctrl ActiveX control in Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2025-21024Aug 6, 2025
    risk 0.00cvss epss 0.00

    Use of Implicit Intent for Sensitive Communication in Smart View prior to Android 16 allows local attackers to access sensitive information.

  • CVE-2015-8040Nov 2, 2015
    risk 0.00cvss epss 0.03

    The rtsp_getdlsendtime method in the CNC_Ctrl control in Samsung SmartViewer allows remote attackers to execute arbitrary code via an index value.

  • CVE-2015-8039Nov 2, 2015
    risk 0.00cvss epss 0.04

    Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors to the (1) DVRSetupSave method in the STWAxConfig control or (2) SendCustomPacket method in the STWAxConfigNVR control, which trigger an untrusted pointer dereference.

  • CVE-2014-9266Dec 8, 2014
    risk 0.00cvss epss 0.03

    The STWConfig ActiveX control in Samsung SmartViewer does not properly initialize a variable, which allows remote attackers to execute arbitrary code via unspecified vectors.