Vulnerability Details CVE-2018-11689
Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewer_login_page data3 parameter. (The same Web Viewer codebase was transitioned from Samsung to Hanwha.)
Exploit prediction scoring system (EPSS) score
EPSS Score 0.017
EPSS Ranking 81.4%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://www.securityfocus.com/archive/1/542083/100/0/threaded
- https://drive.google.com/file/d/1aWbvdrx1KRkUv4ikkm530a2N5qrxCLmr/view?usp=sharing
- https://seclists.org/bugtraq/2018/Jun/40
- https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11689
- http://www.securityfocus.com/archive/1/542083/100/0/threaded
- https://drive.google.com/file/d/1aWbvdrx1KRkUv4ikkm530a2N5qrxCLmr/view?usp=sharing
- https://seclists.org/bugtraq/2018/Jun/40
- https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11689
Products affected by CVE-2018-11689
-
cpe:2.3:a:samsung:smartviewer:-
-
cpe:2.3:h:hanwha-security:hrd-1641:-
-
cpe:2.3:h:hanwha-security:hrd-1642:-
-
cpe:2.3:h:hanwha-security:hrd-440:-
-
cpe:2.3:h:hanwha-security:hrd-442:-
-
cpe:2.3:h:hanwha-security:hrd-443:-
-
cpe:2.3:h:hanwha-security:hrd-840:-
-
cpe:2.3:h:hanwha-security:hrd-841:-
-
cpe:2.3:h:hanwha-security:hrd-842:-
-
cpe:2.3:h:hanwha-security:srd-1694u:-
-
cpe:2.3:o:hanwha-security:hrd-1641_firmware:-
-
cpe:2.3:o:hanwha-security:hrd-1641_firmware:1.14
-
cpe:2.3:o:hanwha-security:hrd-1642_firmware:-
-
cpe:2.3:o:hanwha-security:hrd-1642_firmware:1.16
-
cpe:2.3:o:hanwha-security:hrd-440_firmware:-
-
cpe:2.3:o:hanwha-security:hrd-440_firmware:1.14
-
cpe:2.3:o:hanwha-security:hrd-442_firmware:-
-
cpe:2.3:o:hanwha-security:hrd-442_firmware:1.16
-
cpe:2.3:o:hanwha-security:hrd-443_firmware:-
-
cpe:2.3:o:hanwha-security:hrd-443_firmware:1.14
-
cpe:2.3:o:hanwha-security:hrd-840_firmware:-
-
cpe:2.3:o:hanwha-security:hrd-840_firmware:1.14
-
cpe:2.3:o:hanwha-security:hrd-841_firmware:-
-
cpe:2.3:o:hanwha-security:hrd-841_firmware:1.14
-
cpe:2.3:o:hanwha-security:hrd-842_firmware:-
-
cpe:2.3:o:hanwha-security:hrd-842_firmware:1.16
-
cpe:2.3:o:hanwha-security:srd-1694u_firmware:-
-
cpe:2.3:o:hanwha-security:srd-1694u_firmware:1.14