Independent security researcher Luigi Oriema (Luigi Auriemma) discovered vulnerability allows remote users to conduct DoS-attack on a number of models of Blu-Ray players and TVs of Samsung.
According to the expert, the vulnerability exists in current firmware version of televisions manufactured in 2010 and having the option Internet @ TV (LCD Model 650, LED 6500, PDP 6500 and newer), and Samsung TVs released in 2011, and have the option AllShare (model LCD 550, LED 5500 and PDP 5500 and newer). Moreover, the vulnerable are the Blu-Ray Disc Players 2011 release with integrated option Smart Hub (model BD-Player D5300, BD-HTS D5000, BD-AVR D7000, BD-HDD Combo D6900/8200/8500/8900 and up).
On his personal web-site the expert also published a functional exploit for the detected flaws. By sending via HTTP XML-over-long query SetAVTransport on network port 7676 remote user can trigger a buffer overflow or infinite reboot the device.
(AV: A / AC: L / Au: N / C: N / I: N / A: P / E: P / RL: U / RC: C) = Base: 3.3/Temporal: 3
Denial of service
Samsung BD-D7000 Samsung BD-HTS D5000 Samsung BD-D5300 Player Samsung PDP TV Series 5500 Samsung LED TV 5500 Series Samsung 550 Series LCD TV PDP TV Samsung 6500 Series LED TV Samsung 6500 Series LCD TV Samsung 650 Series
Samsung BD-HTS D5000
Samsung BD-D5300 Player
Samsung PDP TV Series 5500
Samsung LED TV 5500 Series
Samsung 550 Series LCD TV
PDP TV Samsung 6500 Series
LED TV Samsung 6500 Series
LCD TV Samsung 650 SeriesDescription:
The vulnerability allows a remote user to execute arbitrary code on the target system.The vulnerability is caused due to insufficient validation of incoming XML-requests. This can be exploited to XML-request sent to the network port 7676, a buffer overflow.Manufacturer URL: www.samsung.comSolution: The way to eliminate the vulnerability does not exist at present.