CVE-2018-11689

6.1MEDIUM

Key Information:

Vendor: Samsung
Status: Smartviewer
Vendor: CVE Published:; 14 June 2018

Summary

Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewer_login_page data3 parameter. (The same Web Viewer codebase was transitioned from Samsung to Hanwha.)

References

http://www.securityfocus.com/archive/1/542083/100/0/threaded

mailing-listx_refsource_BUGTRAQ

https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11689

x_refsource_MISC

https://drive.google.com/file/d/1aWbvdrx1KRkUv4ikkm530a2N...

x_refsource_MISC

EPSS Score

10% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 14, 2018
Vulnerability Reserved
Jun 3, 2018