Lucene search

MitreCVE-2017-14262

HistorySep 11, 2017 - 9:29 a.m.

CVE-2017-14262

2017-09-1109:29:00

CWE-326

mitre

web.nvd.nist.gov

samsung nvr

remote attackers

admin account

md5 password hash

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.002

Percentile

65.0%

JSON

On Samsung NVR devices, remote attackers can read the MD5 password hash of the ‘admin’ account via certain szUserName JSON data to cgi-bin/main-cgi, and login to the device with that hash in the szUserPasswd parameter.

Affected configurations

Nvd

Node

samsungsrn_1670d_firmwareMatch-

AND

samsungsrn_1670dMatch-

Node

samsungsrn_1000_firmwareMatch-

AND

samsungsrn_1000Match-

Node

samsungsrn_472s_firmwareMatch-

AND

samsungsrn_472sMatch-

Node

samsungsrn_470d_firmwareMatch-

AND

samsungsrn_470dMatch-

VendorProductVersionCPE
samsungsrn_1670d_firmware-cpe:2.3:o:samsung:srn_1670d_firmware:-:*:*:*:*:*:*:*
samsungsrn_1670d-cpe:2.3:h:samsung:srn_1670d:-:*:*:*:*:*:*:*
samsungsrn_1000_firmware-cpe:2.3:o:samsung:srn_1000_firmware:-:*:*:*:*:*:*:*
samsungsrn_1000-cpe:2.3:h:samsung:srn_1000:-:*:*:*:*:*:*:*
samsungsrn_472s_firmware-cpe:2.3:o:samsung:srn_472s_firmware:-:*:*:*:*:*:*:*
samsungsrn_472s-cpe:2.3:h:samsung:srn_472s:-:*:*:*:*:*:*:*
samsungsrn_470d_firmware-cpe:2.3:o:samsung:srn_470d_firmware:-:*:*:*:*:*:*:*
samsungsrn_470d-cpe:2.3:h:samsung:srn_470d:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
samsung	srn_1670d_firmware	-	cpe:2.3:o:samsung:srn_1670d_firmware:-:::::::*
samsung	srn_1670d	-	cpe:2.3:h:samsung:srn_1670d:-:::::::*
samsung	srn_1000_firmware	-	cpe:2.3:o:samsung:srn_1000_firmware:-:::::::*
samsung	srn_1000	-	cpe:2.3:h:samsung:srn_1000:-:::::::*
samsung	srn_472s_firmware	-	cpe:2.3:o:samsung:srn_472s_firmware:-:::::::*
samsung	srn_472s	-	cpe:2.3:h:samsung:srn_472s:-:::::::*
samsung	srn_470d_firmware	-	cpe:2.3:o:samsung:srn_470d_firmware:-:::::::*
samsung	srn_470d	-	cpe:2.3:h:samsung:srn_470d:-:::::::*

References

github.com/zzz66686/Samsung_NVR_vul

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.002

Percentile

65.0%

JSON

Related for CVE-2017-14262