CVE-2012-4330

Samsung D6000 Firmware - Denial of Service via Long MAC Address Field

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-4330. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary The writeup details two vulnerabilities in Samsung devices with remote controller support: an endless restart loop triggered by invalid name strings and a potential buffer overflow via long MAC address strings. The analysis includes technical details about the protocol and exploitation steps but lacks direct exploit code.

Description

The Samsung D6000 TV and possibly other products allows remote attackers to cause a denial of service (crash) via a long string in certain fields, as demonstrated by the MAC address field, possibly a buffer overflow.

Exploits (2)

exploitdb WRITEUP VERIFIED
by Luigi Auriemma · textdoshardware
https://www.exploit-db.com/exploits/18751

The writeup details two vulnerabilities in Samsung devices with remote controller support: an endless restart loop triggered by invalid name strings and a potential buffer overflow via long MAC address strings. The analysis includes technical details about the protocol and exploitation steps but lacks direct exploit code.

Classification
Writeup 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Samsung TV and Blu-ray devices with remote controller support (e.g., D6000 TV, BD-Player D5300)
No auth needed
Prerequisites: Network access to the target device · TCP port 55000 open on the target
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WRITEUP
doswindows
https://www.exploit-db.com/exploits/18765

This is a technical writeup by Luigi Auriemma detailing three vulnerabilities in Samsung NET-i ware, including an endless loop in remote services, code execution in the ConnectDDNS ActiveX, and a stack overflow in the BackupToAvi ActiveX. The writeup provides specific details about affected components, methods, and assembly-level analysis.

Classification
Writeup 90%
Attack Type
Rce | Dos
Complexity
Moderate
Reliability
Theoretical
Target: Samsung NET-i ware <= 1.37
No auth needed
Prerequisites: Network access to vulnerable services · ActiveX controls enabled in target environment
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (7)

Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/53161
Broken Link, Exploit mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-04/0142.html
Broken Link vdb-entry x_refsource_osvdb
http://www.osvdb.org/81222
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/74928
Exploit x_refsource_misc
http://aluigi.org/adv/samsux_1-adv.txt
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18751
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1026976

Scores

EPSS 0.1388
EPSS Percentile 96.0%

Details

CWE
CWE-119
Status published
Products (1)
samsung/d6000_firmware
Published Aug 14, 2012
Tracked Since Feb 18, 2026