Vulnerabilities > CVE-2013-3585 - Credentials Management vulnerability in Samsung Smart Viewer

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

samsung

CWE-255

exploit available

NVD

Published: 2013-08-28

Updated: 2013-10-07

Summary

Samsung Web Viewer for Samsung DVR devices stores credentials in cleartext, which allows context-dependent attackers to obtain sensitive information via vectors involving (1) direct access to a file or (2) the user-setup web page.

Vulnerable Configurations

Part	Description	Count
Application	Samsung Samsung Smart Viewer -	1
Hardware	Samsung Samsung DVR -	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

Exploit-Db

description	Samsung DVR Firmware 1.10 - Authentication Bypass. CVE-2013-3585,CVE-2013-3586. Webapps exploit for hardware platform
id	EDB-ID:27753
last seen	2016-02-03
modified	2013-08-21
published	2013-08-21
reporter	Andrea Fabrizi
source	https://www.exploit-db.com/download/27753/
title	Samsung DVR Firmware 1.10 - Authentication Bypass

References

http://www.kb.cert.org/vuls/id/882286