CVE-2012-5858

Samsung Kies Air 2.1.207051 and 2.1.210161 - Improper Authentication via IP Address Spoofing

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-5858.

AI-analyzed exploit summary This Metasploit module exploits a buffer overflow in the `unique_service_name()` function of libupnp's SSDP processor, allowing remote code execution on vulnerable devices. It uses a staged payload approach to bypass size limitations and includes ROP chains for specific targets like Supermicro IPMI devices.

Description

Samsung Kies Air 2.1.207051 and 2.1.210161 relies on the IP address for authentication, which allows remote man-in-the-middle attackers to read arbitrary phone contents by spoofing or controlling the IP address.

Exploits (1)

exploitdb WORKING POC

rubyremoteunix

https://www.exploit-db.com/exploits/24455

View Code ZIP pw:eip

This Metasploit module exploits a buffer overflow in the `unique_service_name()` function of libupnp's SSDP processor, allowing remote code execution on vulnerable devices. It uses a staged payload approach to bypass size limitations and includes ROP chains for specific targets like Supermicro IPMI devices.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Portable UPnP SDK (libupnp) versions including Intel SDK for UPnP Devices 1.3.1

No auth needed

Prerequisites: Network access to UDP port 1900 on the target device · Vulnerable version of libupnp running on the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Third Party Advisory x_refsource_misc

http://packetstormsecurity.org/files/118154/Kies-Air-Denial-Of-Service-Authorization-Bypass.html

Third Party Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2012-11/0061.html

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/56560

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/80092

Scores

EPSS 0.1147

EPSS Percentile 93.8%

Details

CWE

CWE-287

Status published

Products (2)

samsung/kies_air 2.1.207051

samsung/kies_air 2.1.210161

Published Dec 03, 2012

Tracked Since Feb 18, 2026