三星DMS存在路径遍历漏洞(CWE-22),允许攻击者通过特定私有IP地址创建任意文件。该产品不支持互联网连接,建议断开网络并联系三星获取软件更新修复漏洞。 2025-7-29 11:14:0 Author: claroty.com(查看原文) 阅读量:0 收藏
High Threat
CWE-22 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL'):
An 'Arbitary File Creation' in Samsung DMS (Data Management Server) allows attackers to create arbitary files in unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses.
Samsung recommends users to contact a Samsung call center or installer for a software update.
This product is not intended to be connected to the Internet, so please disconnect it from the Internet. Refer to the following statement in the manual: "Use this product only in a separate dedicated network. Samsung Electronics is not liable for any problems caused by connecting it to the Internet or an intranet."
如有侵权请联系:admin#unsafe.sh