This Metasploit module exploits an unrestricted file upload vulnerability in Web Viewer 1.0.0.193 on Samsung SRN-1670D devices. The network_ssl_upload.php file allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the file in the upload/ directory. To authenticate for this attack, one can obtain web-interface credentials in cleartext by leveraging the existing local file read vulnerability referenced by CVE-2015-8279, which allows remote attackers to read the web interface credentials by sending a request to: cslog_export.php?path=/root/php_modules/lighttpd/sbin/userpw URI.
01dd3eafd05e3df998f5fcb41b54bc9db77b1c53fd0d923b9b36d3070206c261
Web Viewer version 1.0.0.193 on Samsung SRN-1670D suffers from an unrestricted file upload vulnerability.
885ec7ceed2d053ced5d897f78056b1ccabe528cc26c52c64e50782a1b9d9921