Monday, 11 September 2017
A vulnerability, which was classified as problematic, was found in Samsung NVR (the affected version is unknown). This affects an unknown function of the file cgi-bin/main-cgi. The manipulation of the argument
szUserPasswd as part of a JSON Data leads to a information disclosure vulnerability (Password). CWE is classifying the issue as CWE-200. This is going to have an impact on confidentiality.
The weakness was disclosed 09/11/2017. This vulnerability is uniquely identified as CVE-2017-14262 since 09/10/2017. Technical details of the vulnerability are known, but there is no available exploit. The pricing for an exploit might be around USD $0-$5k at the moment
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
CVSSv3
VulDB Base Score: ≈3.5VulDB Temp Score: ≈3.5
VulDB Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X
VulDB Reliability: Low
CVSSv2
VulDB Base Score: ≈1.5 (CVSS2#AV:A/AC:M/Au:S/C:P/I:N/A:N)VulDB Temp Score: ≈1.5 (CVSS2#E:ND/RL:ND/RC:ND)
VulDB Reliability: Medium
CPE
- cpe:/a:samsung:nvr
Exploiting
Class: Information disclosure / Password (CWE-200)Local: Yes
Remote: No
Availability: No
Price Prediction: steady
Current Price Estimation:
| 0-Day | $0-$5k | $5k-$25k | $25k-$100k | $100k-$500k |
|---|---|---|---|---|
| Today | $0-$5k | $5k-$25k | $25k-$100k | $100k-$500k |
Countermeasures
Recommended: no mitigation known0-Day Time: 0 days since found
Timeline
09/10/2017 CVE assigned09/11/2017 Advisory disclosed
09/11/2017 VulDB entry created
09/11/2017 VulDB last update
Sources
CVE: CVE-2017-14262 (mitre.org) (nvd.nist.org) (cvedetails.com)
Subscribe to:
Post Comments (Atom)
Featured post
27 good hacker documentary
In the eyes of most people, a group of hackers usually extremely boring nothing interesting people, and that if only the computer code in ...
Blog Archive
My computer has no value to hackers, they do not target me
0 comments:
Post a Comment