CVE-2013-3585

Samsung Smart Viewer - Cleartext Credential Storage

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-3585.

AI-analyzed exploit summary: The exploit demonstrates an authentication bypass vulnerability in Samsung DVR firmware <= 1.10 by sending a crafted HTTP request with an arbitrary cookie to access protected CGI endpoints. It includes functional Python code to dump user credentials from the device.

Description

Samsung Web Viewer for Samsung DVR devices stores credentials in cleartext, which allows context-dependent attackers to obtain sensitive information via vectors involving (1) direct access to a file or (2) the user-setup web page.

Exploits (1)

exploitdb WORKING POC
webapps · hardware
https://www.exploit-db.com/exploits/27753

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Samsung DVR firmware <= 1.10
No auth needed
Prerequisites: Network access to the target DVR · Web interface exposed
devstral-2 · analyzed Feb 19, 2026

References (1)

Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/882286

Scores

EPSS 0.2444
EPSS Percentile 97.6%

Details

CWE: CWE-255
Status: published
Products (1): samsung/smart_viewer
Published: Aug 28, 2013
Tracked Since: Feb 18, 2026