CVE-2012-5858

Samsung Kies Air - Authentication Bypass

Title source: rule

Description

Samsung Kies Air 2.1.207051 and 2.1.210161 relies on the IP address for authentication, which allows remote man-in-the-middle attackers to read arbitrary phone contents by spoofing or controlling the IP address.

Exploits (1)

exploitdb WORKING POC

rubyremoteunix

https://www.exploit-db.com/exploits/24455

View Code ZIP pw:eip

References (4)

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2012-11/0061.html

[Exploit, Third Party Advisory] http://packetstormsecurity.org/files/118154/Kies-Air-Denial-Of-Service-Authorization-Bypass.html

[Exploit] http://www.securityfocus.com/bid/56560

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/80092

Scores

EPSS 0.1147

EPSS Percentile 93.6%

Details

CWE

CWE-287

Status published

Products (2)

samsung/kies_air 2.1.207051

samsung/kies_air 2.1.210161

Published Dec 03, 2012

Tracked Since Feb 18, 2026