Flattr this!

Independent security researcher Luigi Oriema (Luigi Auriemma) discovered vulnerability allows remote users to conduct DoS-attack on a number of models of Blu-Ray players and TVs of Samsung.

Samsung prone remote DoS-attack

According to the expert, the vulnerability exists in current firmware version of televisions manufactured in 2010 and having the option Internet @ TV (LCD Model 650, LED 6500, PDP 6500 and newer), and Samsung TVs released in 2011, and have the option AllShare (model LCD 550, LED 5500 and PDP 5500 and newer). Moreover, the vulnerable are the Blu-Ray Disc Players 2011 release with integrated option Smart Hub (model BD-Player D5300, BD-HTS D5000, BD-AVR D7000, BD-HDD Combo D6900/8200/8500/8900 and up).

On his personal web-site the expert also published a functional exploit for the detected flaws. By sending via HTTP XML-over-long query SetAVTransport on network port 7676 remote user can trigger a buffer overflow or infinite reboot the device.

Denial of service in Samsung products

Date of publication: 07/03/2013
Modified: 07/03/2013
Total views: 415
Danger: Average
The presence of corrections: No
Number of vulnerabilities: 1
CVSSv2 rating: (AV: A / AC: L / Au: N / C: N / I: N / A: P / E: P / RL: U / RC: C) = Base: 3.3/Temporal: 3
CVE ID: No data
Vector operation: Local network
Impact: Denial of service
CWE ID: No data
Be exploited PoC code
Affected products: Samsung BD-D7000 
Samsung BD-HTS D5000 
Samsung BD-D5300 Player 
Samsung PDP TV Series 5500 
Samsung LED TV 5500 Series 
Samsung 550 Series LCD TV 
PDP TV Samsung 6500 Series 
LED TV Samsung 6500 Series 
LCD TV Samsung 650 Series
Affected versions:
Samsung BD-D7000
Samsung BD-HTS D5000
Samsung BD-D5300 Player
Samsung PDP TV Series 5500
Samsung LED TV 5500 Series
Samsung 550 Series LCD TV
PDP TV Samsung 6500 Series
LED TV Samsung 6500 Series
LCD TV Samsung 650 SeriesDescription:
The vulnerability allows a remote user to execute arbitrary code on the target system.The vulnerability is caused due to insufficient validation of incoming XML-requests. This can be exploited to XML-request sent to the network port 7676, a buffer overflow.Manufacturer URL: www.samsung.comSolution: The way to eliminate the vulnerability does not exist at present.