Summary
The remote Samsung DVR is prone to an Authentication Bypass.
Impact
This vulnerability allows remote unauthenticated users to:
- Get/set/delete username/password of local users (/cgi-bin/setup_user)
- Get/set DVR/Camera general configuration
- Get info about the device/storage
- Get/set the NTP server
- Get/set many other settings
Impact Level: Application
Solution
Ask the Vendor for an update.
Insight
In most of the CGIs on the Samsung DVR, the session check is implemented incorrectly: it only tests for the presence of a cookie, not its validity, so protected pages can be reached simply by putting an arbitrary cookie into the HTTP request.
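As an added illustration (not Samsung's firmware code), the flawed presence-only cookie check beside one that validates the cookie against a server-side session table; the cookie name `session` and the token values are constructed assumptions:

```c
/* Added illustration, not Samsung's code: a session check that only tests
   for the presence of a cookie, beside one that validates the cookie value
   against a table of sessions the server itself issued. */
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Constructed session table: tokens the server issued at login. */
static const char *VALID_SESSIONS[] = { "a1b2c3d4e5f6", "0f1e2d3c4b5a" };
#define N_SESSIONS (sizeof VALID_SESSIONS / sizeof VALID_SESSIONS[0])

/* Extract the value of cookie `name` from a Cookie header value such as
   "lang=en; session=a1b2c3d4e5f6". Returns false if the cookie is absent. */
static bool get_cookie(const char *cookie_header, const char *name,
                       char *out, size_t outlen)
{
    if (!cookie_header) return false;
    size_t nlen = strlen(name);
    const char *p = cookie_header;
    while (*p) {
        while (*p == ' ' || *p == ';') p++;           /* skip separators */
        if (strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            const char *v = p + nlen + 1;
            size_t vlen = strcspn(v, ";");
            if (vlen >= outlen) return false;          /* value too long */
            memcpy(out, v, vlen);
            out[vlen] = '\0';
            return true;
        }
        p += strcspn(p, ";");                          /* next cookie */
    }
    return false;
}

/* Flawed check (the pattern the advisory describes): any request that
   carries a session cookie, whatever its value, is treated as logged in. */
bool session_check_flawed(const char *cookie_header)
{
    char tok[64];
    return get_cookie(cookie_header, "session", tok, sizeof tok);
}

/* Correct check: the presented token must match a session the server issued. */
bool session_check_fixed(const char *cookie_header)
{
    char tok[64];
    if (!get_cookie(cookie_header, "session", tok, sizeof tok)) return false;
    for (size_t i = 0; i < N_SESSIONS; i++)
        if (strcmp(tok, VALID_SESSIONS[i]) == 0) return true;
    return false;
}
```

A real implementation would also expire entries in the session table and bind them to the authenticated user; the point here is only that the cookie's value, not its presence, must be verified.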
Affected
Samsung DVR with firmware version <= 1.10
Detection
Check if /cgi-bin/setup_user is accessible without authentication
References
Severity
CVSS Base Score: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Classification
CVE: CVE-2013-3585, CVE-2013-3586