Saturday, August 3, 2013

Samsung TV DoS vulnerability

Recently, I discovered a DoS vulnerability on some Samsung TV devices.

The web server (DMCRUIS/0.1) on port TCP/5600 is crashing by sending a long HTTP GET request, and as a results, the TV reboots...

This was tested successfully on my Samsung PS50C7700 plasma TV.



CVE Number: CVE-2013-4890
Exploit Download Link: http://www.mmeit.be/exploits/samsungtv_reset.txt

In the demo, the TV is connected by Ethernet cable to a home network, and after running the exploit against the TVs IP address - a few seconds later, the TV restarts and repeats the process.

video
 
 
This means that a potential attacker only needs to obtain access to the LAN that the TV has joined, in order to attack it. This can be done either by breaking into a wireless access point or by infecting a computer on the same network with malware.

Feel free to make a root exploit and to hack your Samsung TV...

No we need firewall and antivirus protection for our televisions too :)
Samsung did not immediately return a request for comment. A shame...

Other articles related to this vulnerability:


You can follow me on Twitter: @MME_IT