Samsung: >> Syncthru Web Service Security Vulnerabilities
An issue discovered in Samsung SyncThru Web Service SPL 5.93 06-09-2014 allows attackers to gain escalated privileges via MITM attacks.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-08-22
The SyncThru Web Service on Samsung SCX-6x55X printers allows an attacker to gain access to a list of SMB users and cleartext passwords by reading the HTML source code. Authentication is not required.
CVSS Score
7.5
EPSS Score
0.005
Published
2021-12-20
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.login/gnb/loginView.sws" in multiple parameters: contextpath and basedURL.
CVSS Score
6.1
EPSS Score
0.006
Published
2019-03-21
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/swsAlert.sws" in multiple parameters: flag, frame, func, and Nfunc.
CVSS Score
6.1
EPSS Score
0.006
Published
2019-03-21
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/leftmenu.sws" in multiple parameters: ruiFw_id, ruiFw_pid, ruiFw_title.
CVSS Score
6.1
EPSS Score
0.006
Published
2019-03-21
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.application/information/networkinformationView.sws" in the tabName parameter.
CVSS Score
6.1
EPSS Score
0.006
Published
2019-03-21
Samsung Syncthru Web Service V4.05.61 is vulnerable to Multiple unauthenticated XSS attacks on several parameters, as demonstrated by ruiFw_pid.
CVSS Score
6.1
EPSS Score
0.004
Published
2018-08-03
Samsung Syncthru Web Service V4.05.61 is vulnerable to CSRF on every request, as demonstrated by sws.application/printinformation/printReportSetupView.sws for a "Print emails sent" action.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-08-03