Sign-up

ID

VAR-201709-0393


CVE

CVE-2017-14262


TITLE

Samsung NVR Vulnerabilities related to authorization, authority, and access control in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-007938

DESCRIPTION

On Samsung NVR devices, remote attackers can read the MD5 password hash of the 'admin' account via certain szUserName JSON data to cgi-bin/main-cgi, and login to the device with that hash in the szUserPasswd parameter. Samsung NVR Devices have vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SamsungNVRdevices is a network video recorder device from South Korea's Samsung. There is a security hole in the Samsung NVR device

Trust: 2.34

sources: NVD: CVE-2017-14262 // JVNDB: JVNDB-2017-007938 // CNVD: CNVD-2017-33219 // VULHUB: VHN-104967 // VULMON: CVE-2017-14262

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-33219

AFFECTED PRODUCTS

vendor:samsungmodel:srn 1670dscope:eqversion: -

Trust: 1.6

vendor:samsungmodel:srn 472sscope:eqversion: -

Trust: 1.6

vendor:samsungmodel:srn 470dscope:eqversion: -

Trust: 1.6

vendor:samsungmodel:srn 1000scope:eqversion: -

Trust: 1.6

vendor:samsungmodel:srn 1000scope: - version: -

Trust: 0.8

vendor:samsungmodel:srn 1670dscope: - version: -

Trust: 0.8

vendor:samsungmodel:srn 470dscope: - version: -

Trust: 0.8

vendor:samsungmodel:srn 472sscope: - version: -

Trust: 0.8

vendor:samsungmodel:nvr devicesscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-33219 // JVNDB: JVNDB-2017-007938 // CNNVD: CNNVD-201709-425 // NVD: CVE-2017-14262

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-14262
value: HIGH

Trust: 1.0

NVD: CVE-2017-14262
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-33219
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201709-425
value: HIGH

Trust: 0.6

VULHUB: VHN-104967
value: HIGH

Trust: 0.1

VULMON: CVE-2017-14262
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-14262
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-33219
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-104967
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-14262
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-33219 // VULHUB: VHN-104967 // VULMON: CVE-2017-14262 // JVNDB: JVNDB-2017-007938 // CNNVD: CNNVD-201709-425 // NVD: CVE-2017-14262

PROBLEMTYPE DATA

problemtype:CWE-326

Trust: 1.1

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-104967 // JVNDB: JVNDB-2017-007938 // NVD: CVE-2017-14262

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-425

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201709-425

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-007938

PATCH
title:Top Pageurl:http://www.samsung.com/semiconductor/
Trust: 0.8
title:Samsung_NVR_vulurl:https://github.com/zzz66686/CVE-2017-14262 
Trust: 0.1
title:SecBooks
SecBooks目录url:https://github.com/SexyBeast233/SecBooks 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2017-14262 // 
            
            
            
            JVNDB: JVNDB-2017-007938

EXTERNAL IDS
db:NVDid:CVE-2017-14262
Trust: 3.2
db:JVNDBid:JVNDB-2017-007938
Trust: 0.8
db:CNNVDid:CNNVD-201709-425
Trust: 0.7
db:CNVDid:CNVD-2017-33219
Trust: 0.6
db:VULHUBid:VHN-104967
Trust: 0.1
db:VULMONid:CVE-2017-14262
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-33219 // 
            
            
            
            VULHUB: VHN-104967 // 
            
            
            
            VULMON: CVE-2017-14262 // 
            
            
            
            JVNDB: JVNDB-2017-007938 // 
            
            
            
            CNNVD: CNNVD-201709-425 // 
            
            
            
            NVD: CVE-2017-14262

REFERENCES
url:https://github.com/zzz66686/samsung_nvr_vul
Trust: 3.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14262
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-14262
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/326.html
Trust: 0.1
url:https://github.com/zzz66686/cve-2017-14262
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://github.com/sexybeast233/secbooks
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-33219 // 
            
            
            
            VULHUB: VHN-104967 // 
            
            
            
            VULMON: CVE-2017-14262 // 
            
            
            
            JVNDB: JVNDB-2017-007938 // 
            
            
            
            CNNVD: CNNVD-201709-425 // 
            
            
            
            NVD: CVE-2017-14262

SOURCES
db:CNVDid:CNVD-2017-33219
db:VULHUBid:VHN-104967
db:VULMONid:CVE-2017-14262
db:JVNDBid:JVNDB-2017-007938
db:CNNVDid:CNNVD-201709-425
db:NVDid:CVE-2017-14262

LAST UPDATE DATE
2025-04-20T23:19:51.857000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-33219date:2017-11-09T00:00:00
db:VULHUBid:VHN-104967date:2019-10-03T00:00:00
db:VULMONid:CVE-2017-14262date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2017-007938date:2017-10-04T00:00:00
db:CNNVDid:CNNVD-201709-425date:2019-10-23T00:00:00
db:NVDid:CVE-2017-14262date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-33219date:2017-11-09T00:00:00
db:VULHUBid:VHN-104967date:2017-09-11T00:00:00
db:VULMONid:CVE-2017-14262date:2017-09-11T00:00:00
db:JVNDBid:JVNDB-2017-007938date:2017-10-04T00:00:00
db:CNNVDid:CNNVD-201709-425date:2017-09-12T00:00:00
db:NVDid:CVE-2017-14262date:2017-09-11T09:29:00.687