CVE-2012-4334

critical

Published 2012-08-14 · Modified 2026-04-29

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

10.0

Description

The ConnectDDNS method in the (1) STWConfigNVR 1.1.13.15 and (2) STWConfig 1.1.14.13 ActiveX controls in Samsung NET-i viewer 1.37.120316 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained from third party information.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-18765 dos windows verified text · 3 KB

Luigi Auriemma · 2012-04-22

Samsung NET-i ware 1.37 - Multiple Vulnerabilities

text exploit Source: Exploit-DB

#######################################################################

                             Luigi Auriemma

Application:  Samsung NET-i ware
              http://www.samsungsecurity.com/product/product_view.asp?idx=6447
              http://www.samsungsecurity.com/product/product_view.asp?idx=5828
Versions:     <= 1.37
Platforms:    Windows
Bugs:         A] Endless loop in remote services
              B] Code execution in ConnectDDNS ActiveX
              C] Stack overflow in BackupToAvi ActiveX
Exploitation: remote
Date:         21 Apr 2012
Author:       Luigi Auriemma
              e-mail: aluigi@autistici.org
              web:    aluigi.org


#######################################################################


1) Introduction
2) Bugs
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============


"Recording software for Samsung network cameras".


#######################################################################

=======
2) Bugs
=======


----------------------------------
A] Endless loop in remote services
----------------------------------

All the NET-i ware services are affected by an endless loop caused by
the wrong handling of negative 32bit size fields.


----------------------------------------
B] Code execution in ConnectDDNS ActiveX
----------------------------------------

Code execution vulnerability in the ConnectDDNS method used by the
following ActiveX components:
- EEDBA32E-5C2D-48f1-A58E-0AAB0BC230E3
- 17A7F731-C9EC-461C-B813-2F42A1BB58EB

  10022F80   8B02             MOV EAX,DWORD PTR DS:[EDX]
  10022F82   8B4D E8          MOV ECX,DWORD PTR SS:[EBP-18]
  10022F85   FF10             CALL DWORD PTR DS:[EAX]

The bug is not much reliable to replicate so I report it just for
reference.
No additional research performed.


----------------------------------------
C] Stack overflow in BackupToAvi ActiveX
----------------------------------------

Stack overflow in the BackupToAvi method used by the ActiveX components
3D6F2DBA-F4E5-40A6-8725-E99BC96CC23A and
208650B1-3CA1-4406-926D-45F2DBB9C299.


#######################################################################

===========
3) The Code
===========


A]
http://aluigi.org/testz/udpsz.zip
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/18112.zip

  NiwMasterService:
  udpsz -b 0x80 -T SERVER 4505 0x28

  NiwStorageService:
  udpsz -T -c "REM" 0 -C 80808080 0x10 SERVER 4508 0x14

B,C]
http://aluigi.org/poc/netiware_1b.zip


#######################################################################

======
4) Fix
======


No fix.


#######################################################################

Application impact

Vendor	Product	Versions	Fixed
samsung	net-i_viewer	`1.37.120316`

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.