9.3

CVE-2017-14262

On Samsung NVR devices, remote attackers can read the MD5 password hash of the 'admin' account via certain szUserName JSON data to cgi-bin/main-cgi, and login to the device with that hash in the szUserPasswd parameter.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SamsungSrn 1670d Firmware Version-
   SamsungSrn 1670d Version-
SamsungSrn 1000 Firmware Version-
   SamsungSrn 1000 Version-
SamsungSrn 472s Firmware Version-
   SamsungSrn 472s Version-
SamsungSrn 470d Firmware Version-
   SamsungSrn 470d Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.43% 0.901
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.1 2.2 5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

https://github.com/zzz66686/Samsung_NVR_vul
Third Party Advisory