CVE-2021-42913
HIGH
Samsung SyncThru Web Service - Unauthenticated Cleartext Password Exposure via HTML Source Code
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2021-42913. PoCs published by kernel-cyber.
AI-analyzed exploit summary: This exploit targets an improper access control vulnerability in Samsung Printer SCX-6X55X SyncThru Web Service, allowing unauthorized access to SMB user credentials via a direct request to `/smb_serverList.csv`.
Description
The SyncThru Web Service on Samsung SCX-6x55X printers allows an attacker to gain access to a list of SMB users and cleartext passwords by reading the HTML source code. Authentication is not required.
Exploits (1)
This exploit targets an improper access control vulnerability in Samsung Printer SCX-6X55X SyncThru Web Service, allowing unauthorized access to SMB user credentials via a direct request to `/smb_serverList.csv`.
References (2)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N