Smartviewer
by Samsung
CVEs (6)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2014-9265 | 0.04 | — | 0.09 | Dec 8, 2014 | Stack-based buffer overflow in the BackupToAvi method in the CNC_Ctrl ActiveX control in Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors. | ||
| CVE-2013-3586 | 0.04 | — | 0.08 | Aug 28, 2013 | Samsung Web Viewer for Samsung DVR devices allows remote attackers to bypass authentication via an arbitrary SessionID value in a cookie. | ||
| CVE-2013-3585 | 0.04 | — | 0.11 | Aug 28, 2013 | Samsung Web Viewer for Samsung DVR devices stores credentials in cleartext, which allows context-dependent attackers to obtain sensitive information via vectors involving (1) direct access to a file or (2) the user-setup web page. | ||
| CVE-2015-8040 | 0.00 | — | 0.02 | Nov 2, 2015 | The rtsp_getdlsendtime method in the CNC_Ctrl control in Samsung SmartViewer allows remote attackers to execute arbitrary code via an index value. | ||
| CVE-2015-8039 | 0.00 | — | 0.02 | Nov 2, 2015 | Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors to the (1) DVRSetupSave method in the STWAxConfig control or (2) SendCustomPacket method in the STWAxConfigNVR control, which trigger an untrusted pointer dereference. | ||
| CVE-2014-9266 | 0.00 | — | 0.02 | Dec 8, 2014 | The STWConfig ActiveX control in Samsung SmartViewer does not properly initialize a variable, which allows remote attackers to execute arbitrary code via unspecified vectors. |
- CVE-2014-9265Dec 8, 2014risk 0.04cvss —epss 0.09
Stack-based buffer overflow in the BackupToAvi method in the CNC_Ctrl ActiveX control in Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors.
- CVE-2013-3586Aug 28, 2013risk 0.04cvss —epss 0.08
Samsung Web Viewer for Samsung DVR devices allows remote attackers to bypass authentication via an arbitrary SessionID value in a cookie.
- CVE-2013-3585Aug 28, 2013risk 0.04cvss —epss 0.11
Samsung Web Viewer for Samsung DVR devices stores credentials in cleartext, which allows context-dependent attackers to obtain sensitive information via vectors involving (1) direct access to a file or (2) the user-setup web page.
- CVE-2015-8040Nov 2, 2015risk 0.00cvss —epss 0.02
The rtsp_getdlsendtime method in the CNC_Ctrl control in Samsung SmartViewer allows remote attackers to execute arbitrary code via an index value.
- CVE-2015-8039Nov 2, 2015risk 0.00cvss —epss 0.02
Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors to the (1) DVRSetupSave method in the STWAxConfig control or (2) SendCustomPacket method in the STWAxConfigNVR control, which trigger an untrusted pointer dereference.
- CVE-2014-9266Dec 8, 2014risk 0.00cvss —epss 0.02
The STWConfig ActiveX control in Samsung SmartViewer does not properly initialize a variable, which allows remote attackers to execute arbitrary code via unspecified vectors.