CVE-2018-11689

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 14-06-2018 10:29

Last modified: - 24-04-2022 03:54

Total changes: - 3

Description

Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewer_login_page data3 parameter. (The same Web Viewer codebase was transitioned from Samsung to Hanwha.)

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Low

Attack complexity

Network

Attack vector

None

Availability

Low

Confidentiality

Low

Integrity

None

Privileges required

Changed

Scope

Required

User interaction

6.1

Base score

2.8

2.7

Exploitability score

Impact score

Verification logic

vendor=samsung AND product=smartviewer AND version=-

AND

vendor=hanwha-security AND product=hrd-1642_firmware AND versionEndIncluding=1.16

vendor=hanwha-security AND product=hrd-1642 AND version=-

AND

vendor=hanwha-security AND product=hrd-842_firmware AND versionEndIncluding=1.16

vendor=hanwha-security AND product=hrd-842 AND version=-

AND

vendor=hanwha-security AND product=hrd-442_firmware AND versionEndIncluding=1.16

vendor=hanwha-security AND product=hrd-442 AND version=-

AND

vendor=hanwha-security AND product=hrd-1641_firmware AND versionEndIncluding=1.14

vendor=hanwha-security AND product=hrd-1641 AND version=-

AND

vendor=hanwha-security AND product=hrd-841_firmware AND versionEndIncluding=1.14

vendor=hanwha-security AND product=hrd-841 AND version=-

AND

vendor=hanwha-security AND product=hrd-840_firmware AND versionEndIncluding=1.14

vendor=hanwha-security AND product=hrd-840 AND version=-

AND

vendor=hanwha-security AND product=hrd-440_firmware AND versionEndIncluding=1.14

vendor=hanwha-security AND product=hrd-440 AND version=-

AND

vendor=hanwha-security AND product=hrd-443_firmware AND versionEndIncluding=1.14

vendor=hanwha-security AND product=hrd-443 AND version=-

AND

vendor=hanwha-security AND product=srd-1694u_firmware AND versionEndIncluding=1.14

vendor=hanwha-security AND product=srd-1694u AND version=-

Reference

https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11689
20180613 Samsung Web Viewer for Samsung DVR Reflected Cross Site Scripting (XSS) CVE-2018-11689-Exploit, Third Party Advisory, URL Repurposed, VDB Entry
https://seclists.org/bugtraq/2018/Jun/40
https://drive.google.com/file/d/1aWbvdrx1KRkUv4ikkm530a2N5qrxCLmr/view?usp=sharing

Keywords

CVE-2018-11689

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2018-11689

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures