Search criteria
11 vulnerabilities found for smartviewer by samsung
VAR-201308-0209
Vulnerability from variot - Updated: 2025-04-11 23:14Samsung Web Viewer for Samsung DVR devices allows remote attackers to bypass authentication via an arbitrary SessionID value in a cookie. Samsung DVR is prone to an authentication-bypass vulnerability. Attackers can exploit this vulnerability to gain access to internal pages, including camera controls and account settings, which may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201308-0209",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smart viewer",
"scope": "eq",
"trust": 1.6,
"vendor": "samsung",
"version": null
},
{
"model": "dvr",
"scope": "eq",
"trust": 1.0,
"vendor": "samsung",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "samsung",
"version": null
},
{
"model": "dvr",
"scope": null,
"trust": 0.8,
"vendor": "samsung",
"version": null
},
{
"model": "smartviewer",
"scope": "eq",
"trust": 0.8,
"vendor": "samsung",
"version": "(web viewer)"
},
{
"model": "dvr",
"scope": "eq",
"trust": 0.3,
"vendor": "samsung",
"version": "0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#882286"
},
{
"db": "BID",
"id": "61938"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003910"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-351"
},
{
"db": "NVD",
"id": "CVE-2013-3586"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:samsung:dvr",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:samsung:smartviewer",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003910"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Andrey Bezborodov",
"sources": [
{
"db": "BID",
"id": "61938"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-351"
}
],
"trust": 0.9
},
"cve": "CVE-2013-3586",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CVE-2013-3586",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-3586",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-3586",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201308-351",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003910"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-351"
},
{
"db": "NVD",
"id": "CVE-2013-3586"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Samsung Web Viewer for Samsung DVR devices allows remote attackers to bypass authentication via an arbitrary SessionID value in a cookie. Samsung DVR is prone to an authentication-bypass vulnerability. \nAttackers can exploit this vulnerability to gain access to internal pages, including camera controls and account settings, which may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3586"
},
{
"db": "CERT/CC",
"id": "VU#882286"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003910"
},
{
"db": "BID",
"id": "61938"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#882286",
"trust": 3.5
},
{
"db": "NVD",
"id": "CVE-2013-3586",
"trust": 2.7
},
{
"db": "BID",
"id": "61938",
"trust": 0.9
},
{
"db": "JVN",
"id": "JVNVU94025783",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003910",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201308-351",
"trust": 0.6
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#882286"
},
{
"db": "BID",
"id": "61938"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003910"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-351"
},
{
"db": "NVD",
"id": "CVE-2013-3586"
}
]
},
"id": "VAR-201308-0209",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.225
},
"last_update_date": "2025-04-11T23:14:42.450000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Smart Viewer",
"trust": 0.8,
"url": "http://www.samsungsecurity.com/product/product_view.asp?idx=6275"
},
{
"title": "DVR Security Systems",
"trust": 0.8,
"url": "https://www.samsung-security.com/products/video-recording-and-management/dvr.aspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003910"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
},
{
"problemtype": "CWE-313",
"trust": 0.8
},
{
"problemtype": "CWE-302",
"trust": 0.8
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#882286"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003910"
},
{
"db": "NVD",
"id": "CVE-2013-3586"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.kb.cert.org/vuls/id/882286"
},
{
"trust": 1.1,
"url": "https://www.samsung-security.com/products/video-recording-and-management/dvr.aspx"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/313.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/302.html"
},
{
"trust": 0.8,
"url": "https://www.samsung-security.com/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3586"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu94025783/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3586"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/61938"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#882286"
},
{
"db": "BID",
"id": "61938"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003910"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-351"
},
{
"db": "NVD",
"id": "CVE-2013-3586"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#882286"
},
{
"db": "BID",
"id": "61938"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003910"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-351"
},
{
"db": "NVD",
"id": "CVE-2013-3586"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-08-21T00:00:00",
"db": "CERT/CC",
"id": "VU#882286"
},
{
"date": "2013-08-21T00:00:00",
"db": "BID",
"id": "61938"
},
{
"date": "2013-08-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003910"
},
{
"date": "2013-08-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-351"
},
{
"date": "2013-08-28T13:09:15.663000",
"db": "NVD",
"id": "CVE-2013-3586"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-10-03T00:00:00",
"db": "CERT/CC",
"id": "VU#882286"
},
{
"date": "2013-08-21T00:00:00",
"db": "BID",
"id": "61938"
},
{
"date": "2013-08-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003910"
},
{
"date": "2013-08-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-351"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2013-3586"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201308-351"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Samsung Web Viewer for Samsung DVR allows authentication bypass and password disclosure",
"sources": [
{
"db": "CERT/CC",
"id": "VU#882286"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201308-351"
}
],
"trust": 0.6
}
}
VAR-201308-0208
Vulnerability from variot - Updated: 2025-04-11 23:14Samsung Web Viewer for Samsung DVR devices stores credentials in cleartext, which allows context-dependent attackers to obtain sensitive information via vectors involving (1) direct access to a file or (2) the user-setup web page. Samsung DVR is prone to a remote information-disclosure vulnerability. Successful exploits will allow attackers to obtain sensitive information, such as credentials, that may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201308-0208",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smart viewer",
"scope": "eq",
"trust": 1.6,
"vendor": "samsung",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "samsung",
"version": null
},
{
"model": "dvr",
"scope": null,
"trust": 0.8,
"vendor": "samsung",
"version": null
},
{
"model": "smartviewer",
"scope": "eq",
"trust": 0.8,
"vendor": "samsung",
"version": "(web viewer)"
},
{
"model": "dvr",
"scope": "eq",
"trust": 0.3,
"vendor": "samsung",
"version": "0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#882286"
},
{
"db": "BID",
"id": "61942"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003909"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-352"
},
{
"db": "NVD",
"id": "CVE-2013-3585"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:samsung:dvr",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:samsung:smartviewer",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003909"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Andrey Bezborodov",
"sources": [
{
"db": "BID",
"id": "61942"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-352"
}
],
"trust": 0.9
},
"cve": "CVE-2013-3585",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2013-3585",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-3585",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2013-3585",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201308-352",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003909"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-352"
},
{
"db": "NVD",
"id": "CVE-2013-3585"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Samsung Web Viewer for Samsung DVR devices stores credentials in cleartext, which allows context-dependent attackers to obtain sensitive information via vectors involving (1) direct access to a file or (2) the user-setup web page. Samsung DVR is prone to a remote information-disclosure vulnerability. \nSuccessful exploits will allow attackers to obtain sensitive information, such as credentials, that may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3585"
},
{
"db": "CERT/CC",
"id": "VU#882286"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003909"
},
{
"db": "BID",
"id": "61942"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#882286",
"trust": 3.5
},
{
"db": "NVD",
"id": "CVE-2013-3585",
"trust": 2.7
},
{
"db": "BID",
"id": "61942",
"trust": 0.9
},
{
"db": "JVN",
"id": "JVNVU94025783",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003909",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201308-352",
"trust": 0.6
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#882286"
},
{
"db": "BID",
"id": "61942"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003909"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-352"
},
{
"db": "NVD",
"id": "CVE-2013-3585"
}
]
},
"id": "VAR-201308-0208",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.225
},
"last_update_date": "2025-04-11T23:14:42.419000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Smart Viewer",
"trust": 0.8,
"url": "http://www.samsungsecurity.com/product/product_view.asp?idx=6275"
},
{
"title": "DVR Security Systems",
"trust": 0.8,
"url": "https://www.samsung-security.com/products/video-recording-and-management/dvr.aspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003909"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.8
},
{
"problemtype": "CWE-313",
"trust": 0.8
},
{
"problemtype": "CWE-302",
"trust": 0.8
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#882286"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003909"
},
{
"db": "NVD",
"id": "CVE-2013-3585"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.kb.cert.org/vuls/id/882286"
},
{
"trust": 1.1,
"url": "https://www.samsung-security.com/products/video-recording-and-management/dvr.aspx"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/313.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/302.html"
},
{
"trust": 0.8,
"url": "https://www.samsung-security.com/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3585"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu94025783/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3585"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/61942"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#882286"
},
{
"db": "BID",
"id": "61942"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003909"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-352"
},
{
"db": "NVD",
"id": "CVE-2013-3585"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#882286"
},
{
"db": "BID",
"id": "61942"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003909"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-352"
},
{
"db": "NVD",
"id": "CVE-2013-3585"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-08-21T00:00:00",
"db": "CERT/CC",
"id": "VU#882286"
},
{
"date": "2013-08-21T00:00:00",
"db": "BID",
"id": "61942"
},
{
"date": "2013-08-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003909"
},
{
"date": "2013-08-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-352"
},
{
"date": "2013-08-28T13:09:15.647000",
"db": "NVD",
"id": "CVE-2013-3585"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-10-03T00:00:00",
"db": "CERT/CC",
"id": "VU#882286"
},
{
"date": "2013-08-21T00:00:00",
"db": "BID",
"id": "61942"
},
{
"date": "2013-08-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003909"
},
{
"date": "2013-08-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-352"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2013-3585"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201308-352"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Samsung Web Viewer for Samsung DVR allows authentication bypass and password disclosure",
"sources": [
{
"db": "CERT/CC",
"id": "VU#882286"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201308-352"
}
],
"trust": 0.6
}
}
VAR-201806-0920
Vulnerability from variot - Updated: 2024-11-23 22:38Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewer_login_page data3 parameter. (The same Web Viewer codebase was transitioned from Samsung to Hanwha.). SamsungsmartViewer is Samsung's TV connection software. A cross-site scripting vulnerability exists in SamsungWebViewerforSamsungDVR that allows remote attackers to exploit exploits to inject arbitrary web scripts or HTML
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201806-0920",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smartviewer",
"scope": "eq",
"trust": 1.6,
"vendor": "samsung",
"version": null
},
{
"model": "hrd-1642",
"scope": "lte",
"trust": 1.0,
"vendor": "hanwha security",
"version": "1.16"
},
{
"model": "hrd-842",
"scope": "lte",
"trust": 1.0,
"vendor": "hanwha security",
"version": "1.16"
},
{
"model": "hrd-841",
"scope": "lte",
"trust": 1.0,
"vendor": "hanwha security",
"version": "1.14"
},
{
"model": "hrd-1641",
"scope": "lte",
"trust": 1.0,
"vendor": "hanwha security",
"version": "1.14"
},
{
"model": "hrd-443",
"scope": "lte",
"trust": 1.0,
"vendor": "hanwha security",
"version": "1.14"
},
{
"model": "hrd-440",
"scope": "lte",
"trust": 1.0,
"vendor": "hanwha security",
"version": "1.14"
},
{
"model": "hrd-442",
"scope": "lte",
"trust": 1.0,
"vendor": "hanwha security",
"version": "1.16"
},
{
"model": "srd-1694u",
"scope": "lte",
"trust": 1.0,
"vendor": "hanwha security",
"version": "1.14"
},
{
"model": "hrd-840",
"scope": "lte",
"trust": 1.0,
"vendor": "hanwha security",
"version": "1.14"
},
{
"model": "smartviewer",
"scope": null,
"trust": 0.8,
"vendor": "samsung",
"version": null
},
{
"model": "web viewer for samsung dvr",
"scope": null,
"trust": 0.6,
"vendor": "samsung",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11462"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006611"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-886"
},
{
"db": "NVD",
"id": "CVE-2018-11689"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:samsung:smartviewer",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006611"
}
]
},
"cve": "CVE-2018-11689",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2018-11689",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2018-11462",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2018-11689",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-11689",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-11689",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-11689",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-11462",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201806-886",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-11689",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11462"
},
{
"db": "VULMON",
"id": "CVE-2018-11689"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006611"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-886"
},
{
"db": "NVD",
"id": "CVE-2018-11689"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewer_login_page data3 parameter. (The same Web Viewer codebase was transitioned from Samsung to Hanwha.). SamsungsmartViewer is Samsung\u0027s TV connection software. A cross-site scripting vulnerability exists in SamsungWebViewerforSamsungDVR that allows remote attackers to exploit exploits to inject arbitrary web scripts or HTML",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-11689"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006611"
},
{
"db": "CNVD",
"id": "CNVD-2018-11462"
},
{
"db": "VULMON",
"id": "CVE-2018-11689"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-11689",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006611",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-11462",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201806-886",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "148183",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-11689",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11462"
},
{
"db": "VULMON",
"id": "CVE-2018-11689"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006611"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-886"
},
{
"db": "NVD",
"id": "CVE-2018-11689"
}
]
},
"id": "VAR-201806-0920",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11462"
}
],
"trust": 1.5880952
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11462"
}
]
},
"last_update_date": "2024-11-23T22:38:07.948000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Smart Viewer",
"trust": 0.8,
"url": "https://www.samsung.com/us/apps/smart-view-2/"
},
{
"title": "Exp101tsArchiv30thers",
"trust": 0.1,
"url": "https://github.com/nu11secur1ty/Exp101tsArchiv30thers "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/lnick2023/nicenice "
},
{
"title": "awesome-cve-poc_qazbnm456",
"trust": 0.1,
"url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-11689"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006611"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006611"
},
{
"db": "NVD",
"id": "CVE-2018-11689"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://vulmon.com/vulnerabilitydetails?qid=cve-2018-11689"
},
{
"trust": 2.3,
"url": "https://seclists.org/bugtraq/2018/jun/40"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/542083/100/0/threaded"
},
{
"trust": 1.7,
"url": "https://drive.google.com/file/d/1awbvdrx1krkuv4ikkm530a2n5qrxclmr/view?usp=sharing"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11689"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11689"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/148183/samsung-web-viewer-for-samsung-dvr-cross-site-scripting.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11462"
},
{
"db": "VULMON",
"id": "CVE-2018-11689"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006611"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-886"
},
{
"db": "NVD",
"id": "CVE-2018-11689"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-11462"
},
{
"db": "VULMON",
"id": "CVE-2018-11689"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006611"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-886"
},
{
"db": "NVD",
"id": "CVE-2018-11689"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11462"
},
{
"date": "2018-06-14T00:00:00",
"db": "VULMON",
"id": "CVE-2018-11689"
},
{
"date": "2018-08-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006611"
},
{
"date": "2018-06-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-886"
},
{
"date": "2018-06-14T20:29:00.317000",
"db": "NVD",
"id": "CVE-2018-11689"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11462"
},
{
"date": "2022-04-24T00:00:00",
"db": "VULMON",
"id": "CVE-2018-11689"
},
{
"date": "2018-08-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006611"
},
{
"date": "2022-01-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-886"
},
{
"date": "2024-11-21T03:43:49.723000",
"db": "NVD",
"id": "CVE-2018-11689"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-886"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Samsung DVR for Samsung Web Viewer Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006611"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-886"
}
],
"trust": 0.6
}
}
CVE-2018-11689 (GCVE-0-2018-11689)
Vulnerability from nvd – Published: 2018-06-14 20:00 – Updated: 2024-08-05 08:17
VLAI
Summary
Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewer_login_page data3 parameter. (The same Web Viewer codebase was transitioned from Samsung to Hanwha.)
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/542083/100… | mailing-listx_refsource_BUGTRAQ |
| https://vulmon.com/vulnerabilitydetails?qid=CVE-2… | x_refsource_MISC |
| https://drive.google.com/file/d/1aWbvdrx1KRkUv4ik… | x_refsource_MISC |
| https://seclists.org/bugtraq/2018/Jun/40 | x_refsource_MISC |
Date Public
2018-06-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:17:08.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20180613 Samsung Web Viewer for Samsung DVR Reflected Cross Site Scripting (XSS) CVE-2018-11689",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/542083/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11689"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/file/d/1aWbvdrx1KRkUv4ikkm530a2N5qrxCLmr/view?usp=sharing"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2018/Jun/40"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewer_login_page data3 parameter. (The same Web Viewer codebase was transitioned from Samsung to Hanwha.)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-04T03:50:37.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20180613 Samsung Web Viewer for Samsung DVR Reflected Cross Site Scripting (XSS) CVE-2018-11689",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/542083/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11689"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/file/d/1aWbvdrx1KRkUv4ikkm530a2N5qrxCLmr/view?usp=sharing"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/bugtraq/2018/Jun/40"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewer_login_page data3 parameter. (The same Web Viewer codebase was transitioned from Samsung to Hanwha.)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180613 Samsung Web Viewer for Samsung DVR Reflected Cross Site Scripting (XSS) CVE-2018-11689",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/542083/100/0/threaded"
},
{
"name": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11689",
"refsource": "MISC",
"url": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11689"
},
{
"name": "https://drive.google.com/file/d/1aWbvdrx1KRkUv4ikkm530a2N5qrxCLmr/view?usp=sharing",
"refsource": "MISC",
"url": "https://drive.google.com/file/d/1aWbvdrx1KRkUv4ikkm530a2N5qrxCLmr/view?usp=sharing"
},
{
"name": "https://seclists.org/bugtraq/2018/Jun/40",
"refsource": "MISC",
"url": "https://seclists.org/bugtraq/2018/Jun/40"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-11689",
"datePublished": "2018-06-14T20:00:00.000Z",
"dateReserved": "2018-06-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T08:17:08.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8040 (GCVE-0-2015-8040)
Vulnerability from nvd – Published: 2015-11-02 19:00 – Updated: 2024-08-06 08:06
VLAI
Summary
The rtsp_getdlsendtime method in the CNC_Ctrl control in Samsung SmartViewer allows remote attackers to execute arbitrary code via an index value.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/77084 | vdb-entryx_refsource_BID |
| http://www.zerodayinitiative.com/advisories/ZDI-15-464 | x_refsource_MISC |
Date Public
2015-10-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:06:31.681Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "77084",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77084"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-464"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The rtsp_getdlsendtime method in the CNC_Ctrl control in Samsung SmartViewer allows remote attackers to execute arbitrary code via an index value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "77084",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77084"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-464"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8040",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The rtsp_getdlsendtime method in the CNC_Ctrl control in Samsung SmartViewer allows remote attackers to execute arbitrary code via an index value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "77084",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77084"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-464",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-464"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8040",
"datePublished": "2015-11-02T19:00:00.000Z",
"dateReserved": "2015-11-02T00:00:00.000Z",
"dateUpdated": "2024-08-06T08:06:31.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8039 (GCVE-0-2015-8039)
Vulnerability from nvd – Published: 2015-11-02 19:00 – Updated: 2024-08-06 08:06
VLAI
Summary
Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors to the (1) DVRSetupSave method in the STWAxConfig control or (2) SendCustomPacket method in the STWAxConfigNVR control, which trigger an untrusted pointer dereference.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/77079 | vdb-entryx_refsource_BID |
| http://www.zerodayinitiative.com/advisories/ZDI-15-463 | x_refsource_MISC |
| http://www.zerodayinitiative.com/advisories/ZDI-15-462 | x_refsource_MISC |
Date Public
2015-10-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:06:31.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "77079",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77079"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-463"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-462"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors to the (1) DVRSetupSave method in the STWAxConfig control or (2) SendCustomPacket method in the STWAxConfigNVR control, which trigger an untrusted pointer dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-15T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "77079",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77079"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-463"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-462"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8039",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors to the (1) DVRSetupSave method in the STWAxConfig control or (2) SendCustomPacket method in the STWAxConfigNVR control, which trigger an untrusted pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "77079",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77079"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-463",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-463"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-462",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-462"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8039",
"datePublished": "2015-11-02T19:00:00.000Z",
"dateReserved": "2015-11-02T00:00:00.000Z",
"dateUpdated": "2024-08-06T08:06:31.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9265 (GCVE-0-2014-9265)
Vulnerability from nvd – Published: 2014-12-08 16:00 – Updated: 2024-08-06 13:40
VLAI
Summary
Stack-based buffer overflow in the BackupToAvi method in the CNC_Ctrl ActiveX control in Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/71486 | vdb-entryx_refsource_BID |
| http://www.zerodayinitiative.com/advisories/ZDI-14-401/ | x_refsource_MISC |
Date Public
2014-12-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:25.150Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "71486",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71486"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-401/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the BackupToAvi method in the CNC_Ctrl ActiveX control in Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-12-08T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "71486",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71486"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-401/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9265",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the BackupToAvi method in the CNC_Ctrl ActiveX control in Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "71486",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71486"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-401/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-401/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9265",
"datePublished": "2014-12-08T16:00:00.000Z",
"dateReserved": "2014-12-04T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:40:25.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11689 (GCVE-0-2018-11689)
Vulnerability from cvelistv5 – Published: 2018-06-14 20:00 – Updated: 2024-08-05 08:17
VLAI
Summary
Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewer_login_page data3 parameter. (The same Web Viewer codebase was transitioned from Samsung to Hanwha.)
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/542083/100… | mailing-listx_refsource_BUGTRAQ |
| https://vulmon.com/vulnerabilitydetails?qid=CVE-2… | x_refsource_MISC |
| https://drive.google.com/file/d/1aWbvdrx1KRkUv4ik… | x_refsource_MISC |
| https://seclists.org/bugtraq/2018/Jun/40 | x_refsource_MISC |
Date Public
2018-06-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:17:08.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20180613 Samsung Web Viewer for Samsung DVR Reflected Cross Site Scripting (XSS) CVE-2018-11689",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/542083/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11689"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/file/d/1aWbvdrx1KRkUv4ikkm530a2N5qrxCLmr/view?usp=sharing"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2018/Jun/40"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewer_login_page data3 parameter. (The same Web Viewer codebase was transitioned from Samsung to Hanwha.)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-04T03:50:37.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20180613 Samsung Web Viewer for Samsung DVR Reflected Cross Site Scripting (XSS) CVE-2018-11689",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/542083/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11689"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/file/d/1aWbvdrx1KRkUv4ikkm530a2N5qrxCLmr/view?usp=sharing"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/bugtraq/2018/Jun/40"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewer_login_page data3 parameter. (The same Web Viewer codebase was transitioned from Samsung to Hanwha.)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180613 Samsung Web Viewer for Samsung DVR Reflected Cross Site Scripting (XSS) CVE-2018-11689",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/542083/100/0/threaded"
},
{
"name": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11689",
"refsource": "MISC",
"url": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11689"
},
{
"name": "https://drive.google.com/file/d/1aWbvdrx1KRkUv4ikkm530a2N5qrxCLmr/view?usp=sharing",
"refsource": "MISC",
"url": "https://drive.google.com/file/d/1aWbvdrx1KRkUv4ikkm530a2N5qrxCLmr/view?usp=sharing"
},
{
"name": "https://seclists.org/bugtraq/2018/Jun/40",
"refsource": "MISC",
"url": "https://seclists.org/bugtraq/2018/Jun/40"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-11689",
"datePublished": "2018-06-14T20:00:00.000Z",
"dateReserved": "2018-06-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T08:17:08.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8040 (GCVE-0-2015-8040)
Vulnerability from cvelistv5 – Published: 2015-11-02 19:00 – Updated: 2024-08-06 08:06
VLAI
Summary
The rtsp_getdlsendtime method in the CNC_Ctrl control in Samsung SmartViewer allows remote attackers to execute arbitrary code via an index value.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/77084 | vdb-entryx_refsource_BID |
| http://www.zerodayinitiative.com/advisories/ZDI-15-464 | x_refsource_MISC |
Date Public
2015-10-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:06:31.681Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "77084",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77084"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-464"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The rtsp_getdlsendtime method in the CNC_Ctrl control in Samsung SmartViewer allows remote attackers to execute arbitrary code via an index value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "77084",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77084"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-464"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8040",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The rtsp_getdlsendtime method in the CNC_Ctrl control in Samsung SmartViewer allows remote attackers to execute arbitrary code via an index value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "77084",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77084"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-464",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-464"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8040",
"datePublished": "2015-11-02T19:00:00.000Z",
"dateReserved": "2015-11-02T00:00:00.000Z",
"dateUpdated": "2024-08-06T08:06:31.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8039 (GCVE-0-2015-8039)
Vulnerability from cvelistv5 – Published: 2015-11-02 19:00 – Updated: 2024-08-06 08:06
VLAI
Summary
Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors to the (1) DVRSetupSave method in the STWAxConfig control or (2) SendCustomPacket method in the STWAxConfigNVR control, which trigger an untrusted pointer dereference.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/77079 | vdb-entryx_refsource_BID |
| http://www.zerodayinitiative.com/advisories/ZDI-15-463 | x_refsource_MISC |
| http://www.zerodayinitiative.com/advisories/ZDI-15-462 | x_refsource_MISC |
Date Public
2015-10-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:06:31.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "77079",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77079"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-463"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-462"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors to the (1) DVRSetupSave method in the STWAxConfig control or (2) SendCustomPacket method in the STWAxConfigNVR control, which trigger an untrusted pointer dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-15T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "77079",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77079"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-463"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-462"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8039",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors to the (1) DVRSetupSave method in the STWAxConfig control or (2) SendCustomPacket method in the STWAxConfigNVR control, which trigger an untrusted pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "77079",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77079"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-463",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-463"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-462",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-462"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8039",
"datePublished": "2015-11-02T19:00:00.000Z",
"dateReserved": "2015-11-02T00:00:00.000Z",
"dateUpdated": "2024-08-06T08:06:31.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9265 (GCVE-0-2014-9265)
Vulnerability from cvelistv5 – Published: 2014-12-08 16:00 – Updated: 2024-08-06 13:40
VLAI
Summary
Stack-based buffer overflow in the BackupToAvi method in the CNC_Ctrl ActiveX control in Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/71486 | vdb-entryx_refsource_BID |
| http://www.zerodayinitiative.com/advisories/ZDI-14-401/ | x_refsource_MISC |
Date Public
2014-12-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:25.150Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "71486",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71486"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-401/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the BackupToAvi method in the CNC_Ctrl ActiveX control in Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-12-08T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "71486",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71486"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-401/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9265",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the BackupToAvi method in the CNC_Ctrl ActiveX control in Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "71486",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71486"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-401/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-401/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9265",
"datePublished": "2014-12-08T16:00:00.000Z",
"dateReserved": "2014-12-04T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:40:25.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}