Vulnerability Description
The SyncThru Web Service on Samsung SCX-6x55X printers allows an attacker to gain access to a list of SMB users and cleartext passwords by reading the HTML source code. Authentication is not required.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Samsung | SyncThru Web Service | - |
| Samsung | SCX-6555 | - |
| Samsung | SCX-6555N | - |
Related Weaknesses (CWE)
References
- https://medium.com/%40windsormoreira/samsung-printer-scx-6x55x-improper-access-c
- https://security.samsungmobile.com/securityUpdate.smsb (Vendor Advisory)
FAQ
What is CVE-2021-42913?
CVE-2021-42913 is a vulnerability with a CVSS score of 7.5 (HIGH). The SyncThru Web Service on Samsung SCX-6x55X printers allows an attacker to gain access to a list of SMB users and cleartext passwords by reading the HTML source code. Authentication is not required.
How severe is CVE-2021-42913?
CVE-2021-42913 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-42913?
Check the references section above for vendor advisories and patch information. Affected products include: Samsung SyncThru Web Service, Samsung SCX-6555, Samsung SCX-6555N.