CVE-2021-35309
https://notcve.org/view.php?id=CVE-2021-35309
An issue discovered in Samsung SyncThru Web Service SPL 5.93 06-09-2014 allows attackers to gain escalated privileges via MITM attacks.
• https://github.com/mustafa-turgut/cve-subscriptions/tree/main/samsung-stws
• https://security.samsungmobile.com/securityUpdate.smsb
• CWE-269: Improper Privilege Management
CVE-2021-42913
https://notcve.org/view.php?id=CVE-2021-42913
The SyncThru Web Service on Samsung SCX-6x55X printers allows an attacker to gain access to a list of SMB users and cleartext passwords by reading the HTML source code. Authentication is not required.
• https://github.com/kernel-cyber/CVE-2021-42913
• https://medium.com/%40windsormoreira/samsung-printer-scx-6x55x-improper-access-control-cve-2021-42913-bd50837e5e9a
• https://security.samsungmobile.com/securityUpdate.smsb
• CWE-522: Insufficiently Protected Credentials
CVE-2019-7420 – SAMSUNG X7400GX Sync Thru Web Cross Site Scripting
https://notcve.org/view.php?id=CVE-2019-7420
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.application/information/networkinformationView.sws" in the tabName parameter. SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 suffers from multiple cross-site scripting vulnerabilities.
• http://packetstormsecurity.com/files/151584/SAMSUNG-X7400GX-Sync-Thru-Web-Cross-Site-Scripting.html
• http://seclists.org/fulldisclosure/2019/Feb/28
• http://www.samsung.com/Support/ProductSupport/download/index.aspx
• http://www.samsungprinter.com
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-7418 – SAMSUNG X7400GX Sync Thru Web Cross Site Scripting
https://notcve.org/view.php?id=CVE-2019-7418
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/swsAlert.sws" in multiple parameters: flag, frame, func, and Nfunc. SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 suffers from multiple cross-site scripting vulnerabilities.
• http://packetstormsecurity.com/files/151584/SAMSUNG-X7400GX-Sync-Thru-Web-Cross-Site-Scripting.html
• http://seclists.org/fulldisclosure/2019/Feb/28
• http://www.samsung.com/Support/ProductSupport/download/index.aspx
• http://www.samsungprinter.com
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-7421 – SAMSUNG X7400GX Sync Thru Web Cross Site Scripting
https://notcve.org/view.php?id=CVE-2019-7421
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.login/gnb/loginView.sws" in multiple parameters: contextpath and basedURL. SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 suffers from multiple cross-site scripting vulnerabilities.
• http://packetstormsecurity.com/files/151584/SAMSUNG-X7400GX-Sync-Thru-Web-Cross-Site-Scripting.html
• http://seclists.org/fulldisclosure/2019/Feb/28
• http://www.samsung.com/Support/ProductSupport/download/index.aspx
• http://www.samsungprinter.com
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')