Monday, 11 September 2017
On 16:10 by admin in vulns No comments
A vulnerability, which was classified as problematic, was found in Samsung NVR (the affected version is unknown). This affects an unknown function of the file cgi-bin/main-cgi. The manipulation of the argument szUserPasswd as part of JSON data leads to an information disclosure vulnerability (Password). CWE is classifying the issue as CWE-200. This is going to have an impact on confidentiality.
The weakness was disclosed 09/11/2017. This vulnerability is uniquely identified as CVE-2017-14262 since 09/10/2017. Technical details of the vulnerability are known, but there is no available exploit. The pricing for an exploit might be around USD $0-$5k at the moment.
No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product.
CVSSv3
VulDB Base Score: ≈3.5
VulDB Temp Score: ≈3.5
VulDB Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X
VulDB Reliability: Low
CVSSv2
VulDB Base Score: ≈1.5 (CVSS2#AV:A/AC:M/Au:S/C:P/I:N/A:N)
VulDB Temp Score: ≈1.5 (CVSS2#E:ND/RL:ND/RC:ND)
VulDB Reliability: Medium
CPE
- cpe:/a:samsung:nvr
Exploiting
Class: Information disclosure / Password (CWE-200)
Local: Yes
Remote: No
Availability: No
Price Prediction: steady
Current Price Estimation:
0-Day | $0-$5k | $5k-$25k | $25k-$100k | $100k-$500k |
---|---|---|---|---|
Today | $0-$5k | $5k-$25k | $25k-$100k | $100k-$500k |
Countermeasures
Recommended: no mitigation known
0-Day Time: 0 days since found
Timeline
09/10/2017 CVE assigned
09/11/2017 +1 days Advisory disclosed
09/11/2017 +0 days VulDB entry created
09/11/2017 +0 days VulDB last update
Sources
CVE: CVE-2017-14262 (mitre.org) (nvd.nist.org) (cvedetails.com)