CVE-2018-11689

Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewer_login_page data3 parameter. (The same Web Viewer codebase was transitioned from Samsung to Hanwha.)
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
VendorProductVersion
samsungsmartviewer
-
hanwha-securityhrd-1642_firmware
𝑥
≤ 1.16
hanwha-securityhrd-842_firmware
𝑥
≤ 1.16
hanwha-securityhrd-442_firmware
𝑥
≤ 1.16
hanwha-securityhrd-1641_firmware
𝑥
≤ 1.14
hanwha-securityhrd-841_firmware
𝑥
≤ 1.14
hanwha-securityhrd-840_firmware
𝑥
≤ 1.14
hanwha-securityhrd-440_firmware
𝑥
≤ 1.14
hanwha-securityhrd-443_firmware
𝑥
≤ 1.14
hanwha-securitysrd-1694u_firmware
𝑥
≤ 1.14
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/archive/1/542083/100/0/threaded
https://drive.google.com/file/d/1aWbvdrx1KRkUv4ikkm530a2N5qrxCLmr/view?usp=sharing
https://seclists.org/bugtraq/2018/Jun/40
https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11689
http://www.securityfocus.com/archive/1/542083/100/0/threaded
https://drive.google.com/file/d/1aWbvdrx1KRkUv4ikkm530a2N5qrxCLmr/view?usp=sharing
https://seclists.org/bugtraq/2018/Jun/40
https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11689