Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewer_login_page data3 parameter. (The same Web Viewer codebase was transitioned from Samsung to Hanwha.)
References
Link | Resource |
---|---|
http://www.securityfocus.com/archive/1/542083/100/0/threaded | Exploit Third Party Advisory URL Repurposed VDB Entry |
https://drive.google.com/file/d/1aWbvdrx1KRkUv4ikkm530a2N5qrxCLmr/view?usp=sharing | Exploit Third Party Advisory |
https://seclists.org/bugtraq/2018/Jun/40 | Exploit Mailing List Third Party Advisory |
https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11689 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-06-14T20:00:00
Updated: 2022-01-04T03:50:37
Reserved: 2018-06-03T00:00:00
Link: CVE-2018-11689
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-06-14T20:29:00.317
Modified: 2022-04-24T01:54:57.927
Link: CVE-2018-11689
JSON object: View
Redhat Information
No data.
CWE