This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.
The remote web server is prone to a SQL injection attack.
The remote web server is an embedded web server in a Samsung
Integrated Management System DMS (Data Management Server), an embedded
hardware device used to manage a large number of air conditioning
According to its self-reported version, the version of this web server
is earlier than 1.4.3. Such versions are reportedly affected by a SQL
injection vulnerability due to a failure of the software to sanitize
input to the username and password fields of the login page before
using it in a database query in the 'verifyUser()' method in the
An unauthenticated remote attacker can leverage this issue to
manipulate database queries and, for example, bypass authentication
and gain administrative access to the device.
See also :
Upgrade DMS to 1.4.3 or later.
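For teams auditing their own login handlers for the same flaw class, the following added example (not code from the DMS firmware or from the plugin) contrasts a login check that concatenates input into the SQL text with one that binds it as a parameter. The schema, function names, salt, credentials and probe string are all constructed for illustration; the sketch uses Python's sqlite3 and exercises the username field only.

```python
import hashlib
import hmac
import sqlite3

SALT = b"constructed-demo-salt"  # constructed; use a random per-user salt in practice


def _digest(password):
    """Hex PBKDF2 digest of the password (hypothetical storage format)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000).hex()


def make_db():
    """In-memory database holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT, role TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("admin", _digest("constructed-secret"), "admin"))
    return db


def verify_user_concat(db, username, password):
    """Flawed pattern: the username becomes part of the SQL text itself."""
    sql = ("SELECT role FROM users WHERE username = '" + username +
           "' AND pw_hash = '" + _digest(password) + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None


def verify_user_param(db, username, password):
    """Hardened pattern: the username is bound as data, never parsed as SQL."""
    row = db.execute("SELECT pw_hash, role FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return None
    stored_hash, role = row
    # Constant-time comparison of the stored and computed digests.
    return role if hmac.compare_digest(stored_hash, _digest(password)) else None


def accepts_quote_probe(verify, db):
    """Regression check: a quote-and-comment username with a wrong password
    must never authenticate. The probe string is constructed."""
    return verify(db, "admin' --", "wrong-password") is not None
```
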
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.2
Public Exploit Available : true
Nessus Plugin ID: 53877
Bugtraq ID: 47726
CVE ID: CVE-2010-4284