CVE-2023-41270 - OpenCVE

Improper Restriction of Excessive Authentication Attempts vulnerability in Samsung Smart TV UE40D7000 version T-GAPDEUC-1033.2 and before allows attackers to cause a denial of service via WPS attack tools.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Samsung	Ue40d7000 Firmware Ue40d7000

Configuration 1 [-]

AND

cpe:2.3:o:samsung:ue40d7000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:samsung:ue40d7000:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.slideshare.net/fuguet/smold-tv-old-smart	Exploit Technical Description Third Party Advisory
https://www.youtube.com/watch?v=MdIT4mPTX3s	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: samsung.tv_appliance

Published: 2023-11-08T06:32:40.430Z

Updated: 2023-11-08T09:33:19.518Z

Reserved: 2023-08-28T08:40:10.108Z

Link: CVE-2023-41270

JSON object: View

NVD Information

Status : Modified

Published: 2023-11-08T07:15:27.367

Modified: 2024-05-17T02:28:31.233

Link: CVE-2023-41270

JSON object: View

Redhat Information

No data.

CWE

CWE-307

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-41270", "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "state": "PUBLISHED", "assignerShortName": "samsung.tv_appliance", "dateReserved": "2023-08-28T08:40:10.108Z", "datePublished": "2023-11-08T06:32:40.430Z", "dateUpdated": "2023-11-08T09:33:19.518Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "UE40D7000", "vendor": "Samsung TV", "versions": [{"lessThanOrEqual": "T-GAPDEUC-1033", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Gerard Fuguet <gerard@fuguet.cat>"}], "datePublic": "2023-11-08T04:37:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Restriction of Excessive Authentication Attempts vulnerability in Samsung Smart TV UE40D7000 version T-GAPDEUC-1033.2 and before allows attackers to cause a denial of service via WPS attack tools."}], "value": "Improper Restriction of Excessive Authentication Attempts vulnerability in Samsung Smart TV UE40D7000 version T-GAPDEUC-1033.2 and before allows attackers to cause a denial of service via WPS attack tools."}], "impacts": [{"capecId": "CAPEC-130", "descriptions": [{"lang": "en", "value": "CAPEC-130 Excessive Allocation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-307", "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "shortName": "samsung.tv_appliance", "dateUpdated": "2023-11-08T09:33:19.518Z"}, "references": [{"url": "https://www.slideshare.net/fuguet/smold-tv-old-smart"}, {"url": "https://www.youtube.com/watch?v=MdIT4mPTX3s"}], "source": {"discovery": "UNKNOWN"}, "tags": ["unsupported-when-assigned"], "title": "Samsung Smart TV UE40D7000 WPS DoS attack", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:samsung:ue40d7000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "87077D36-29AA-4D97-B69B-B026AD480C5F", "versionEndIncluding": "t-gapdeuc-1033.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:samsung:ue40d7000:-:*:*:*:*:*:*:*", "matchCriteriaId": "57A4CF7D-9D17-4F22-A960-68B065D4F64E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Improper Restriction of Excessive Authentication Attempts vulnerability in Samsung Smart TV UE40D7000 version T-GAPDEUC-1033.2 and before allows attackers to cause a denial of service via WPS attack tools."}, {"lang": "es", "value": "Vulnerabilidad de restricci\u00f3n inadecuada de intentos de autenticaci\u00f3n excesivos en Samsung Smart TV UE40D7000 versi\u00f3n T-GAPDEUC-1033.2 y anteriores permite a los atacantes provocar una denegaci\u00f3n de servicio mediante herramientas de ataque WPS."}], "id": "CVE-2023-41270", "lastModified": "2024-05-17T02:28:31.233", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "PSIRT@samsung.com", "type": "Secondary"}]}, "published": "2023-11-08T07:15:27.367", "references": [{"source": "PSIRT@samsung.com", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://www.slideshare.net/fuguet/smold-tv-old-smart"}, {"source": "PSIRT@samsung.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.youtube.com/watch?v=MdIT4mPTX3s"}], "sourceIdentifier": "PSIRT@samsung.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-307"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-307"}], "source": "PSIRT@samsung.com", "type": "Secondary"}]}