CVE-2019-20451
CRITICALSamsung Prismview Player 11 - Unrestricted File Upload
Title source: ruleDescription
The HTTP API in Prismview System 9 11.10.17.00 and Prismview Player 11 13.09.1100 allows remote code execution by uploading RebootSystem.lnk and requesting /REBOOTSYSTEM or /RESTARTVNC. (Authentication is required but an XML file containing credentials can be downloaded.)
References (1)
Core 1
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/papers/47535
Scores
CVSS v3
9.8
EPSS
0.1249
EPSS Percentile
94.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-434
Status
published
Products (2)
samsung/prismview_player_11
13.09.1100
samsung/prismview_system_9
11.10.17.00
Published
Feb 10, 2020
Tracked Since
Feb 18, 2026