Reflected Cross-Site Scripting in Hanwha DVR Web Viewer and Samsung DVR
CVE-2018-11689

6.1 MEDIUM

Key Information:

Vendor
Samsung
CVE Published:
14 June 2018

Summary

The Web Viewer for Hanwha DVR version 2.17 and the Smart Viewer application for Samsung DVR are vulnerable to reflected cross-site scripting (XSS) through the 'data3' parameter of the '/cgi-bin/webviewer_login_page' endpoint. An attacker can use this flaw to run arbitrary script in the context of a user's web session, which may lead to sensitive data exposure or unauthorized actions on behalf of the user. Users of affected products should implement the necessary security measures to mitigate the risk of exploitation.
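
A defender-side check for this issue, as an added example that is not from the vendor or the CVE record: it scans web access log lines for requests to the endpoint whose 'data3' value contains markup after repeated percent-decoding. The combined log format, the sample lines and the assumption that legitimate 'data3' values never contain markup characters are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

ENDPOINT = "/cgi-bin/webviewer_login_page"  # path named in the advisory
PARAM = "data3"                             # parameter named in the advisory

# Assumption: a legitimate data3 value never needs these characters or tokens,
# which are what a reflected value uses to break out of an HTML context.
SUSPICIOUS = re.compile(r"""[<>"'`]|javascript:|\bon\w+\s*=""", re.IGNORECASE)

# Request line of a common/combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_request(log_line):
    """Return the decoded data3 value if the line looks like an XSS probe, else None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if url.path != ENDPOINT:
        return None
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name == PARAM:
            decoded = fully_decode(value)  # parse_qsl already decoded once
            if SUSPICIOUS.search(decoded):
                return decoded
    return None

# Constructed sample log lines (documentation IP ranges, invented values).
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Jun/2018:10:00:01 +0000] "GET /cgi-bin/webviewer_login_page?data3=0 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [14/Jun/2018:10:00:09 +0000] "GET /cgi-bin/webviewer_login_page?data3=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5180',
    '198.51.100.7 - - [14/Jun/2018:10:00:15 +0000] "GET /cgi-bin/webviewer_login_page?data3=%253Csvg%2520onload%253D1%253E HTTP/1.1" 200 5175',
    '203.0.113.5 - - [14/Jun/2018:10:01:00 +0000] "GET /index.html?data3=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(repr(flag_request(line)), "<-", line.split('"')[1])
```

A hit in the logs shows that a crafted link was requested from the device, not that script ran in a browser; correlate the source address and timestamp with the user who followed the link.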

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved