Details of VAR-201310-0249

ID

VAR-201310-0249

CVE

CVE-2013-3964

TITLE

plural Samsung SHR Product cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-004460

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Samsung SHR-5162, SHR-5082, and possibly other models, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. The Samsung SHR-5162/SHR-5082 is an IP camera. A cross-site scripting vulnerability exists in Samsung SHR-5162 and SHR-5082. Allows an attacker to build a malicious URI, entice a user to parse, get sensitive information, or hijack a user's session. Note: Very limited information is currently available regarding this issue. We will update this BID as more information emerges. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks

Trust: 2.43

sources: NVD: CVE-2013-3964 // JVNDB: JVNDB-2013-004460 // CNVD: CNVD-2013-07675 // BID: 60527

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-07675

AFFECTED PRODUCTS

vendor:	samsung	model:	shr-5082	scope:	-	version:	-	Trust: 1.4
vendor:	samsung	model:	shr-5162	scope:	-	version:	-	Trust: 1.4
vendor:	samsung	model:	shr-5082	scope:	eq	version:	-	Trust: 1.0
vendor:	samsung	model:	shr-5162	scope:	eq	version:	-	Trust: 1.0
vendor:	samsung	model:	shr-5162	scope:	eq	version:	0	Trust: 0.3
vendor:	samsung	model:	shr-5082	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2013-07675 // BID: 60527 // JVNDB: JVNDB-2013-004460 // NVD: CVE-2013-3964

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-3964
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-3964
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2013-07675
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201306-253
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2013-3964
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-07675
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2013-07675 // JVNDB: JVNDB-2013-004460 // CNNVD: CNNVD-201306-253 // NVD: CVE-2013-3964

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2013-004460 // NVD: CVE-2013-3964

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201306-253

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201306-253

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004460

PATCH

title:	SHR-5162	url:	http://www.samsungcctv.com/product/product_view.asp?idx=5669&cid=75	Trust: 0.8
title:	SHR-5082	url:	http://www.samsungsecurity.com/product/product_view.asp?idx=5667&cid=75	Trust: 0.8

sources: JVNDB: JVNDB-2013-004460

EXTERNAL IDS

db:	NVD	id:	CVE-2013-3964	Trust: 3.3
db:	BID	id:	60527	Trust: 1.5
db:	JVNDB	id:	JVNDB-2013-004460	Trust: 0.8
db:	CNVD	id:	CNVD-2013-07675	Trust: 0.6
db:	FULLDISC	id:	20130612 SECURITY ANALYSIS OF IP VIDEO SURVEILLANCE CAMERAS	Trust: 0.6
db:	CNNVD	id:	CNNVD-201306-253	Trust: 0.6

sources: CNVD: CNVD-2013-07675 // BID: 60527 // JVNDB: JVNDB-2013-004460 // CNNVD: CNNVD-201306-253 // NVD: CVE-2013-3964

REFERENCES

url:	http://seclists.org/fulldisclosure/2013/jun/84	Trust: 1.9
url:	http://www.securityfocus.com/bid/60527	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3964	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3964	Trust: 0.8
url:	http://www.samsungsecurity.com/product/product_view.asp?idx=5667&cid=75#fl010000	Trust: 0.3
url:	http://www.samsungcctv.com/product/product_view.asp?idx=5669&cid=75	Trust: 0.3

sources: CNVD: CNVD-2013-07675 // BID: 60527 // JVNDB: JVNDB-2013-004460 // CNNVD: CNNVD-201306-253 // NVD: CVE-2013-3964

CREDITS

Jonas Rapero Castillo

Trust: 0.9

sources: BID: 60527 // CNNVD: CNNVD-201306-253

SOURCES

db:	CNVD	id:	CNVD-2013-07675
db:	BID	id:	60527
db:	JVNDB	id:	JVNDB-2013-004460
db:	CNNVD	id:	CNNVD-201306-253
db:	NVD	id:	CVE-2013-3964

LAST UPDATE DATE

2025-04-11T22:23:00.967000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-07675	date:	2013-06-20T00:00:00
db:	BID	id:	60527	date:	2013-06-12T00:00:00
db:	JVNDB	id:	JVNDB-2013-004460	date:	2013-10-04T00:00:00
db:	CNNVD	id:	CNNVD-201306-253	date:	2021-11-30T00:00:00
db:	NVD	id:	CVE-2013-3964	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-07675	date:	2013-06-20T00:00:00
db:	BID	id:	60527	date:	2013-06-12T00:00:00
db:	JVNDB	id:	JVNDB-2013-004460	date:	2013-10-04T00:00:00
db:	CNNVD	id:	CNNVD-201306-253	date:	2013-06-12T00:00:00
db:	NVD	id:	CVE-2013-3964	date:	2013-10-01T19:55:09.460