CVE-2021-42913

HIGH

Samsung SyncThru Web Service - Insufficiently Protected Credentials

Title source: rule

Description

The SyncThru Web Service on Samsung SCX-6x55X printers allows an attacker to gain access to a list of SMB users and cleartext passwords by reading the HTML source code. Authentication is not required.

Exploits (1)

nomisec WORKING POC
by kernel-cyber · poc
https://github.com/kernel-cyber/CVE-2021-42913

Scores

CVSS v3 7.5
EPSS 0.0052
EPSS Percentile 66.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE
CWE-522
Status published

Affected Products (1)

samsung/syncthru_web_service

Timeline

Published Dec 20, 2021
Tracked Since Feb 18, 2026