Sign-up

ID

VAR-201806-0920


CVE

CVE-2018-11689


TITLE

Samsung DVR for Samsung Web Viewer Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2018-006611

DESCRIPTION

Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewer_login_page data3 parameter. (The same Web Viewer codebase was transitioned from Samsung to Hanwha.). SamsungsmartViewer is Samsung's TV connection software. A cross-site scripting vulnerability exists in SamsungWebViewerforSamsungDVR that allows remote attackers to exploit exploits to inject arbitrary web scripts or HTML

Trust: 2.25

sources: NVD: CVE-2018-11689 // JVNDB: JVNDB-2018-006611 // CNVD: CNVD-2018-11462 // VULMON: CVE-2018-11689

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-11462

AFFECTED PRODUCTS

vendor:samsungmodel:smartviewerscope:eqversion: -

Trust: 1.6

vendor:hanwha securitymodel:hrd-1642scope:lteversion:1.16

Trust: 1.0

vendor:hanwha securitymodel:hrd-842scope:lteversion:1.16

Trust: 1.0

vendor:hanwha securitymodel:hrd-841scope:lteversion:1.14

Trust: 1.0

vendor:hanwha securitymodel:hrd-1641scope:lteversion:1.14

Trust: 1.0

vendor:hanwha securitymodel:hrd-443scope:lteversion:1.14

Trust: 1.0

vendor:hanwha securitymodel:hrd-440scope:lteversion:1.14

Trust: 1.0

vendor:hanwha securitymodel:hrd-442scope:lteversion:1.16

Trust: 1.0

vendor:hanwha securitymodel:srd-1694uscope:lteversion:1.14

Trust: 1.0

vendor:hanwha securitymodel:hrd-840scope:lteversion:1.14

Trust: 1.0

vendor:samsungmodel:smartviewerscope: - version: -

Trust: 0.8

vendor:samsungmodel:web viewer for samsung dvrscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2018-11462 // JVNDB: JVNDB-2018-006611 // CNNVD: CNNVD-201806-886 // NVD: CVE-2018-11689

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-11689
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-11689
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-11462
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201806-886
value: MEDIUM

Trust: 0.6

VULMON: CVE-2018-11689
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-11689
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-11462
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-11689
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: CVE-2018-11689
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2018-11462 // VULMON: CVE-2018-11689 // JVNDB: JVNDB-2018-006611 // CNNVD: CNNVD-201806-886 // NVD: CVE-2018-11689

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2018-006611 // NVD: CVE-2018-11689

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-886

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201806-886

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-006611

PATCH
title:Smart Viewerurl:https://www.samsung.com/us/apps/smart-view-2/
Trust: 0.8
title:Exp101tsArchiv30thersurl:https://github.com/nu11secur1ty/Exp101tsArchiv30thers 
Trust: 0.1
title: - url:https://github.com/lnick2023/nicenice 
Trust: 0.1
title:awesome-cve-poc_qazbnm456url:https://github.com/xbl3/awesome-cve-poc_qazbnm456 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-11689 // 
            
            
            
            JVNDB: JVNDB-2018-006611

EXTERNAL IDS
db:NVDid:CVE-2018-11689
Trust: 3.1
db:JVNDBid:JVNDB-2018-006611
Trust: 0.8
db:CNVDid:CNVD-2018-11462
Trust: 0.6
db:CNNVDid:CNNVD-201806-886
Trust: 0.6
db:PACKETSTORMid:148183
Trust: 0.1
db:VULMONid:CVE-2018-11689
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-11462 // 
            
            
            
            VULMON: CVE-2018-11689 // 
            
            
            
            JVNDB: JVNDB-2018-006611 // 
            
            
            
            CNNVD: CNNVD-201806-886 // 
            
            
            
            NVD: CVE-2018-11689

REFERENCES
url:https://vulmon.com/vulnerabilitydetails?qid=cve-2018-11689
Trust: 2.5
url:https://seclists.org/bugtraq/2018/jun/40
Trust: 2.3
url:http://www.securityfocus.com/archive/1/542083/100/0/threaded
Trust: 1.7
url:https://drive.google.com/file/d/1awbvdrx1krkuv4ikkm530a2n5qrxclmr/view?usp=sharing
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11689
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-11689
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/79.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://packetstormsecurity.com/files/148183/samsung-web-viewer-for-samsung-dvr-cross-site-scripting.html
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-11462 // 
            
            
            
            VULMON: CVE-2018-11689 // 
            
            
            
            JVNDB: JVNDB-2018-006611 // 
            
            
            
            CNNVD: CNNVD-201806-886 // 
            
            
            
            NVD: CVE-2018-11689

SOURCES
db:CNVDid:CNVD-2018-11462
db:VULMONid:CVE-2018-11689
db:JVNDBid:JVNDB-2018-006611
db:CNNVDid:CNNVD-201806-886
db:NVDid:CVE-2018-11689

LAST UPDATE DATE
2024-11-23T22:38:07.948000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-11462date:2018-06-14T00:00:00
db:VULMONid:CVE-2018-11689date:2022-04-24T00:00:00
db:JVNDBid:JVNDB-2018-006611date:2018-08-28T00:00:00
db:CNNVDid:CNNVD-201806-886date:2022-01-05T00:00:00
db:NVDid:CVE-2018-11689date:2024-11-21T03:43:49.723

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-11462date:2018-06-14T00:00:00
db:VULMONid:CVE-2018-11689date:2018-06-14T00:00:00
db:JVNDBid:JVNDB-2018-006611date:2018-08-28T00:00:00
db:CNNVDid:CNNVD-201806-886date:2018-06-15T00:00:00
db:NVDid:CVE-2018-11689date:2018-06-14T20:29:00.317