CVE-2017-14262CVE-2017-14262

Affected configuration(s):

cpe:/o:samsung:srn_1000_firmware:-
cpe:/o:samsung:srn_1670d_firmware:-
cpe:/o:samsung:srn_470d_firmware:-
cpe:/o:samsung:srn_472s_firmware:-

Date published: 2017-09-11T05:29:00.687-04:00

Date last modified: 2017-09-18T12:42:56.827-04:00

CVSS Score: 9.3

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: https://github.com/zzz66686/Samsung_NVR_vul

Summary: On Samsung NVR devices, remote attackers can read the MD5 password hash of the ‘admin’ account via certain szUserName JSON data to cgi-bin/main-cgi, and login to the device with that hash in the szUserPasswd parameter.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.