Lucene search

[email protected]CVE-2018-11689

HistoryJun 14, 2018 - 8:29 p.m.

CVE-2018-11689

2018-06-1420:29:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2018-11689

web viewer

hanwha dvr

samsung dvr

xss

vulnerability

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.095 Low

EPSS

Percentile

94.8%

JSON

Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewer_login_page data3 parameter. (The same Web Viewer codebase was transitioned from Samsung to Hanwha.)

Affected configurations

NVD

Node

samsungsmartviewerMatch-

Node

hanwha-securityhrd-1642Match-

AND

hanwha-securityhrd-1642_firmwareRange≤1.16

Node

hanwha-securityhrd-842Match-

AND

hanwha-securityhrd-842_firmwareRange≤1.16

Node

hanwha-securityhrd-442Match-

AND

hanwha-securityhrd-442_firmwareRange≤1.16

Node

hanwha-securityhrd-1641Match-

AND

hanwha-securityhrd-1641_firmwareRange≤1.14

Node

hanwha-securityhrd-841Match-

AND

hanwha-securityhrd-841_firmwareRange≤1.14

Node

hanwha-securityhrd-840Match-

AND

hanwha-securityhrd-840_firmwareRange≤1.14

Node

hanwha-securityhrd-440Match-

AND

hanwha-securityhrd-440_firmwareRange≤1.14

Node

hanwha-securityhrd-443Match-

AND

hanwha-securityhrd-443_firmwareRange≤1.14

Node

hanwha-securitysrd-1694u_firmwareRange≤1.14

AND

hanwha-securitysrd-1694uMatch-

CPENameOperatorVersion
samsung:smartviewersamsung smartviewereq-

CPE	Name	Operator	Version
samsung:smartviewer	samsung smartviewer	eq	-

References

www.securityfocus.com/archive/1/542083/100/0/threaded

drive.google.com/file/d/1aWbvdrx1KRkUv4ikkm530a2N5qrxCLmr/view?usp=sharing

seclists.org/bugtraq/2018/Jun/40

vulmon.com/vulnerabilitydetails?qid=CVE-2018-11689

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.095 Low

EPSS

Percentile

94.8%

JSON

Related for CVE-2018-11689

checkpoint_advisories1 cvelist1 nvd2 packetstorm1 nessus1 prion1 cve1