PatchSiren

Hanwha Security CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH | Hanwha Security CVE | published 2017-02-13

CVE-2017-5169

CVE-2017-5169 affects Hanwha Techwin Smart Security Manager versions 1.5 and earlier. The issue is described as multiple cross-site request forgery flaws in the bundled Redis and Apache Felix Gogo servers. According to the CVE record, specific HTTP POST requests can be used to gain system-level access to a remote shell session, creating remote code execution risk. NVD lists the issue as CVSS 3.1 7.5 High [truncated]

HIGH | Hanwha Security CVE | published 2017-02-13

CVE-2017-5168

CVE-2017-5168 describes path traversal vulnerabilities in Hanwha Techwin Smart Security Manager’s bundled ActiveMQ Broker service. According to the supplied NVD record and advisory references, a crafted HTTP request can expose arbitrary files on the server, and the issue is described as potentially enabling remote code execution. NVD lists the affected product family as Smart Security Manager versions thr [truncated]