ID

VAR-201612-0654


TITLE

Samsung DVR Design Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2016-13108

DESCRIPTION

Samsung DVR is a small PC for recording TV broadcast, cable TV or DirecTV transmissions. It contains a design vulnerability. By default, the Samsung DVR web browser uses HTTP on port 80 and transmits a base64-encoded certificate in the cookie header; the login name and password are only base64 encoded. An attacker can exploit the vulnerability to modify the default credentials, gain access to the Samsung DVR web interface, and control the IP camera.

Trust: 0.6

sources: CNVD: CNVD-2016-13108

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-13108

AFFECTED PRODUCTS

vendor: samsung
model: dvr
scope: -
version: -

Trust: 0.6

sources: CNVD: CNVD-2016-13108

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2016-13108
value: HIGH

Trust: 0.6

CNVD: CNVD-2016-13108
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2016-13108

EXTERNAL IDS

db: CNVD
id: CNVD-2016-13108

Trust: 0.6

sources: CNVD: CNVD-2016-13108

REFERENCES

url: http://seclists.org/bugtraq/2016/dec/38

Trust: 0.6

sources: CNVD: CNVD-2016-13108

SOURCES

db: CNVD
id: CNVD-2016-13108

LAST UPDATE DATE

2022-05-04T08:40:56.806000+00:00


SOURCES UPDATE DATE

db: CNVD
id: CNVD-2016-13108
date: 2016-12-27T00:00:00

SOURCES RELEASE DATE

db: CNVD
id: CNVD-2016-13108
date: 2016-12-27T00:00:00