Smart Manager
CVE-2021-25399
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
Improper configuration in Smart Manager prior to version 11.0.05.0 allows attacker to access the file with system privilege.
AnalysisAI
Improper configuration in Smart Manager prior to version 11.0.05.0 allows attacker to access the file with system privilege. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-285. Improper configuration in Smart Manager prior to version 11.0.05.0 allows attacker to access the file with system privilege. Affected products include: Samsung Smart Manager. Version information: version 11.0.05.0.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Smart Manager
View allThe Smart Manager WordPress plugin before 8.28.0 does not properly sanitise and escape a parameter before using it in a
Privilege escalation in the StoreApps Smart Manager WordPress plugin (versions up to and including 8.85.0) allows authen
Same weakness CWE-285 – Improper Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today