CVE-2016-15046

25.07.2025, 16:15

A client-side remote code execution vulnerability exists in Samsung Security Managerversions 1.32 and 1.4, due to improper restrictions on the PUT method exposed by the bundled Apache ActiveMQ instance (running on port 8161). An attacker can exploit this flaw through a Cross-Origin Resource Sharing (CORS) bypass combined with JavaScript-triggered file uploads to the web server, ultimately resulting in arbitrary code execution with SYSTEM privileges.

This vulnerability bypasses the server-side mitigations introduced in ZDI-15-156 and ZDI-16-481 by shifting the exploitation to the client-side.

This product is now known asHanwha Wisenet SSM and it is unknown if current versions are affected.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
VulnCheck	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Common Weakness Enumeration

CWE-306 - Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References

http://www.zerodayinitiative.com/advisories/ZDI-15-156/

http://www.zerodayinitiative.com/advisories/ZDI-16-481/

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/browser/samsung_security_manager_put.rb

https://srcincite.io/advisories/src-2016-0032/

https://web.archive.org/web/20160518205411/http://security.hanwhatechwin.com/product/product_view.asp?idx=6779#FL080000

https://www.vulncheck.com/advisories/samsung-security-manager-activemq-file-upload-rce