Sign-up

ID

VAR-201308-0208


CVE

CVE-2013-3585


TITLE

Samsung Web Viewer for Samsung DVR allows authentication bypass and password disclosure

Trust: 0.8

sources: CERT/CC: VU#882286

DESCRIPTION

Samsung Web Viewer for Samsung DVR devices stores credentials in cleartext, which allows context-dependent attackers to obtain sensitive information via vectors involving (1) direct access to a file or (2) the user-setup web page. Samsung DVR is prone to a remote information-disclosure vulnerability. Successful exploits will allow attackers to obtain sensitive information, such as credentials, that may aid in further attacks

Trust: 2.61

sources: NVD: CVE-2013-3585 // CERT/CC: VU#882286 // JVNDB: JVNDB-2013-003909 // BID: 61942

AFFECTED PRODUCTS

vendor:samsungmodel:smart viewerscope:eqversion: -

Trust: 1.6

vendor:samsungmodel: - scope: - version: -

Trust: 0.8

vendor:samsungmodel:dvrscope: - version: -

Trust: 0.8

vendor:samsungmodel:smartviewerscope:eqversion:(web viewer)

Trust: 0.8

vendor:samsungmodel:dvrscope:eqversion:0

Trust: 0.3

sources: CERT/CC: VU#882286 // BID: 61942 // JVNDB: JVNDB-2013-003909 // CNNVD: CNNVD-201308-352 // NVD: CVE-2013-3585

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3585
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-3585
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201308-352
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2013-3585
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2013-003909 // CNNVD: CNNVD-201308-352 // NVD: CVE-2013-3585

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.8

problemtype:CWE-313

Trust: 0.8

problemtype:CWE-302

Trust: 0.8

sources: CERT/CC: VU#882286 // JVNDB: JVNDB-2013-003909 // NVD: CVE-2013-3585

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201308-352

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201308-352

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-003909

PATCH
title:Smart Viewerurl:http://www.samsungsecurity.com/product/product_view.asp?idx=6275
Trust: 0.8
title:DVR Security Systemsurl:https://www.samsung-security.com/products/video-recording-and-management/dvr.aspx
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-003909

EXTERNAL IDS
db:CERT/CCid:VU#882286
Trust: 3.5
db:NVDid:CVE-2013-3585
Trust: 2.7
db:BIDid:61942
Trust: 0.9
db:JVNid:JVNVU94025783
Trust: 0.8
db:JVNDBid:JVNDB-2013-003909
Trust: 0.8
db:CNNVDid:CNNVD-201308-352
Trust: 0.6
sources:
            
            
            CERT/CC: VU#882286 // 
            
            
            
            BID: 61942 // 
            
            
            
            JVNDB: JVNDB-2013-003909 // 
            
            
            
            CNNVD: CNNVD-201308-352 // 
            
            
            
            NVD: CVE-2013-3585

REFERENCES
url:http://www.kb.cert.org/vuls/id/882286
Trust: 2.7
url:https://www.samsung-security.com/products/video-recording-and-management/dvr.aspx
Trust: 1.1
url:http://cwe.mitre.org/data/definitions/313.html
Trust: 0.8
url:http://cwe.mitre.org/data/definitions/302.html
Trust: 0.8
url:https://www.samsung-security.com/
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3585
Trust: 0.8
url:http://jvn.jp/cert/jvnvu94025783/
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3585
Trust: 0.8
url:http://www.securityfocus.com/bid/61942
Trust: 0.6
sources:
            
            
            CERT/CC: VU#882286 // 
            
            
            
            BID: 61942 // 
            
            
            
            JVNDB: JVNDB-2013-003909 // 
            
            
            
            CNNVD: CNNVD-201308-352 // 
            
            
            
            NVD: CVE-2013-3585

CREDITS
Andrey Bezborodov
Trust: 0.9
sources:
            
            
            BID: 61942 // 
            
            
            
            CNNVD: CNNVD-201308-352

SOURCES
db:CERT/CCid:VU#882286
db:BIDid:61942
db:JVNDBid:JVNDB-2013-003909
db:CNNVDid:CNNVD-201308-352
db:NVDid:CVE-2013-3585

LAST UPDATE DATE
2025-04-11T23:14:42.419000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#882286date:2013-10-03T00:00:00
db:BIDid:61942date:2013-08-21T00:00:00
db:JVNDBid:JVNDB-2013-003909date:2013-08-29T00:00:00
db:CNNVDid:CNNVD-201308-352date:2013-08-29T00:00:00
db:NVDid:CVE-2013-3585date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:CERT/CCid:VU#882286date:2013-08-21T00:00:00
db:BIDid:61942date:2013-08-21T00:00:00
db:JVNDBid:JVNDB-2013-003909date:2013-08-29T00:00:00
db:CNNVDid:CNNVD-201308-352date:2013-08-27T00:00:00
db:NVDid:CVE-2013-3585date:2013-08-28T13:09:15.647