Samsung DVR Authentication Bypass

Summary
The remote Samsung DVR is prone to an Authentication Bypass.
Impact
This vulnerability allows remote unauthenticated users to:
- Get/set/delete username/password of local users (/cgi-bin/setup_user)
- Get/set DVR/Camera general configuration
- Get info about the device/storage
- Get/set the NTP server
- Get/set many other settings
Impact Level: Application
Solution
Ask the Vendor for an update.
Insight
In most of the CGIs on the Samsung DVR, the session check is implemented incorrectly, which allows access to protected pages simply by putting an arbitrary cookie into the HTTP request.
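The class of flaw described above, as an added example that is not the vendor's firmware code: a session check that accepts any cookie, next to one that only accepts a session ID the server issued. The cookie name `sid`, the session table and the exact form of the flawed check are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed session table: IDs the server handed out at login (hypothetical). */
static const char *issued_sessions[] = { "3f9a1c7e5b2d4860", NULL };

/* Copy the value of cookie `name` from a Cookie header into out; 1 if found. */
static int get_cookie(const char *hdr, const char *name, char *out, size_t outlen)
{
    size_t nlen = strlen(name);
    while (hdr && *hdr) {
        while (*hdr == ' ' || *hdr == ';') hdr++;
        if (strncmp(hdr, name, nlen) == 0 && hdr[nlen] == '=') {
            const char *v = hdr + nlen + 1;
            size_t len = strcspn(v, ";");
            if (len == 0 || len >= outlen) return 0;  /* empty or oversized value */
            memcpy(out, v, len);
            out[len] = '\0';
            return 1;
        }
        hdr = strchr(hdr, ';');  /* advance to the next cookie pair, if any */
    }
    return 0;
}

/* Flawed pattern (assumed): the mere presence of a cookie counts as a session. */
int session_ok_flawed(const char *cookie_hdr)
{
    return cookie_hdr != NULL && cookie_hdr[0] != '\0';
}

/* Hardened: the cookie must carry an ID that exists in the server-side table. */
int session_ok_strict(const char *cookie_hdr)
{
    char sid[64];
    if (!get_cookie(cookie_hdr, "sid", sid, sizeof sid)) return 0;
    for (size_t i = 0; issued_sessions[i]; i++)
        if (strcmp(sid, issued_sessions[i]) == 0) return 1;
    return 0;
}

int main(void)
{
    /* Constructed Cookie headers: none, arbitrary, unknown ID, issued ID. */
    const char *cases[] = { NULL, "x=1", "sid=deadbeef", "lang=en; sid=3f9a1c7e5b2d4860" };
    for (size_t i = 0; i < 4; i++)
        printf("%-32s flawed=%d strict=%d\n", cases[i] ? cases[i] : "(no cookie)",
               session_ok_flawed(cases[i]), session_ok_strict(cases[i]));
    return 0;
}
```

The strict check has to run in every protected CGI, since the page notes the faulty check appears in most of them rather than in a single handler.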
Affected
Samsung DVR with firmware version <= 1.10
Detection
Check if /cgi-bin/setup_user is accessible without authentication