Vulnerability Description
Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary files via unspecified parameters to (1) upload/updateDriver or (2) upload/addDriver or to execute arbitrary code with SYSTEM privileges via unspecified parameters to (3) uploadCloning.html, (4) fileupload.html, (5) uploadFirmware.html, or (6) upload/driver.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Samsung | SyncThru 6 | <= - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/75912 (Third Party Advisory, VDB Entry)
- http://www.zerodayinitiative.com/advisories/ZDI-15-296 (Third Party Advisory, VDB Entry)
- http://www.zerodayinitiative.com/advisories/ZDI-15-297 (Third Party Advisory, VDB Entry)
- http://www.zerodayinitiative.com/advisories/ZDI-15-298 (Third Party Advisory, VDB Entry)
- http://www.zerodayinitiative.com/advisories/ZDI-15-299 (Third Party Advisory, VDB Entry)
- http://www.zerodayinitiative.com/advisories/ZDI-15-300 (Third Party Advisory, VDB Entry)
- http://www.zerodayinitiative.com/advisories/ZDI-15-301 (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2015-5473?
CVE-2015-5473 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary files via unspecified parameters to (1) upload/updateDriver or (2) upload/addDr...
How severe is CVE-2015-5473?
CVE-2015-5473 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2015-5473?
Check the references section above for vendor advisories and patch information. Affected products include: Samsung SyncThru 6.