Sign-up

ID

VAR-201308-0209


CVE

CVE-2013-3586


TITLE

Samsung Web Viewer for Samsung DVR allows authentication bypass and password disclosure

Trust: 0.8

sources: CERT/CC: VU#882286

DESCRIPTION

Samsung Web Viewer for Samsung DVR devices allows remote attackers to bypass authentication via an arbitrary SessionID value in a cookie. Samsung DVR is prone to an authentication-bypass vulnerability. Attackers can exploit this vulnerability to gain access to internal pages, including camera controls and account settings, which may aid in further attacks

Trust: 2.61

sources: NVD: CVE-2013-3586 // CERT/CC: VU#882286 // JVNDB: JVNDB-2013-003910 // BID: 61938

AFFECTED PRODUCTS

vendor:samsungmodel:smart viewerscope:eqversion: -

Trust: 1.6

vendor:samsungmodel:dvrscope:eqversion: -

Trust: 1.0

vendor:samsungmodel: - scope: - version: -

Trust: 0.8

vendor:samsungmodel:dvrscope: - version: -

Trust: 0.8

vendor:samsungmodel:smartviewerscope:eqversion:(web viewer)

Trust: 0.8

vendor:samsungmodel:dvrscope:eqversion:0

Trust: 0.3

sources: CERT/CC: VU#882286 // BID: 61938 // JVNDB: JVNDB-2013-003910 // CNNVD: CNNVD-201308-351 // NVD: CVE-2013-3586

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3586
value: HIGH

Trust: 1.0

NVD: CVE-2013-3586
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201308-351
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2013-3586
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2013-003910 // CNNVD: CNNVD-201308-351 // NVD: CVE-2013-3586

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.8

problemtype:CWE-313

Trust: 0.8

problemtype:CWE-302

Trust: 0.8

sources: CERT/CC: VU#882286 // JVNDB: JVNDB-2013-003910 // NVD: CVE-2013-3586

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201308-351

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201308-351

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-003910

PATCH
title:Smart Viewerurl:http://www.samsungsecurity.com/product/product_view.asp?idx=6275
Trust: 0.8
title:DVR Security Systemsurl:https://www.samsung-security.com/products/video-recording-and-management/dvr.aspx
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-003910

EXTERNAL IDS
db:CERT/CCid:VU#882286
Trust: 3.5
db:NVDid:CVE-2013-3586
Trust: 2.7
db:BIDid:61938
Trust: 0.9
db:JVNid:JVNVU94025783
Trust: 0.8
db:JVNDBid:JVNDB-2013-003910
Trust: 0.8
db:CNNVDid:CNNVD-201308-351
Trust: 0.6
sources:
            
            
            CERT/CC: VU#882286 // 
            
            
            
            BID: 61938 // 
            
            
            
            JVNDB: JVNDB-2013-003910 // 
            
            
            
            CNNVD: CNNVD-201308-351 // 
            
            
            
            NVD: CVE-2013-3586

REFERENCES
url:http://www.kb.cert.org/vuls/id/882286
Trust: 2.7
url:https://www.samsung-security.com/products/video-recording-and-management/dvr.aspx
Trust: 1.1
url:http://cwe.mitre.org/data/definitions/313.html
Trust: 0.8
url:http://cwe.mitre.org/data/definitions/302.html
Trust: 0.8
url:https://www.samsung-security.com/
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3586
Trust: 0.8
url:http://jvn.jp/cert/jvnvu94025783/
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3586
Trust: 0.8
url:http://www.securityfocus.com/bid/61938
Trust: 0.6
sources:
            
            
            CERT/CC: VU#882286 // 
            
            
            
            BID: 61938 // 
            
            
            
            JVNDB: JVNDB-2013-003910 // 
            
            
            
            CNNVD: CNNVD-201308-351 // 
            
            
            
            NVD: CVE-2013-3586

CREDITS
Andrey Bezborodov
Trust: 0.9
sources:
            
            
            BID: 61938 // 
            
            
            
            CNNVD: CNNVD-201308-351

SOURCES
db:CERT/CCid:VU#882286
db:BIDid:61938
db:JVNDBid:JVNDB-2013-003910
db:CNNVDid:CNNVD-201308-351
db:NVDid:CVE-2013-3586

LAST UPDATE DATE
2025-04-11T23:14:42.450000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#882286date:2013-10-03T00:00:00
db:BIDid:61938date:2013-08-21T00:00:00
db:JVNDBid:JVNDB-2013-003910date:2013-08-29T00:00:00
db:CNNVDid:CNNVD-201308-351date:2013-08-29T00:00:00
db:NVDid:CVE-2013-3586date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:CERT/CCid:VU#882286date:2013-08-21T00:00:00
db:BIDid:61938date:2013-08-21T00:00:00
db:JVNDBid:JVNDB-2013-003910date:2013-08-29T00:00:00
db:CNNVDid:CNNVD-201308-351date:2013-08-27T00:00:00
db:NVDid:CVE-2013-3586date:2013-08-28T13:09:15.663