CVE-2023-38523

Exploit

EPSS 0.26%
Published 20.07.2023 19:15:10
Last modified 21.11.2024 08:13:45
Source cve@mitre.org
Teams watchlist Login
Open Login

The web interface on multiple Samsung Harman AMX N-Series devices allows directory listing for the /tmp/ directory, without authentication, exposing sensitive information such as the command history and screenshot of the file being processed. This affects N-Series N1115 Wallplate Video Encoder before 1.15.61, N-Series N1x22A Video Encoder/Decoder before 1.15.61, N-Series N1x33A Video Encoder/Decoder before 1.15.61, N-Series N1x33 Video Encoder/Decoder before 1.15.61, N-Series N2x35 Video Encoder/Decoder before 1.15.61, N-Series N2x35A Video Encoder/Decoder before 1.15.61, N-Series N2xx2 Video Encoder/Decoder before 1.15.61, N-Series N2xx2A Video Encoder/Decoder before 1.15.61, N-Series N3000 Video Encoder/Decoder before 2.12.105, and N-Series N4321 Audio Transceiver before 1.00.06.

Affected products Warnungen 0 Metrics 2 CWE 1 References 14

Data is provided by the National Vulnerability Database (NVD)

Samsung ≫ Fgn1115-wp-wh Firmware Version < 1.15.61

Samsung ≫ Fgn1115-wp-wh Version-

Samsung ≫ Fgn1122-sa Firmware Version < 1.15.61

Samsung ≫ Fgn1122-sa Version-

Samsung ≫ Fgn1122-cd Firmware Version < 1.15.61

Samsung ≫ Fgn1122-cd Version-

Samsung ≫ Fgn1222-sa Firmware Version < 1.15.61

Samsung ≫ Fgn1222-sa Version-

Samsung ≫ Fgn1222-cd Firmware Version < 1.15.61

Samsung ≫ Fgn1222-cd Version-

Samsung ≫ Fgn1233-sa Firmware Version < 1.15.61

Samsung ≫ Fgn1233-sa Version-

Samsung ≫ Fgn1133-sa Firmware Version < 1.15.61

Samsung ≫ Fgn1133-sa Version-

Samsung ≫ Fgn1133-cd Firmware Version < 1.15.61

Samsung ≫ Fgn1133-cd Version-

Samsung ≫ Fgn1233-cd Firmware Version < 1.15.61

Samsung ≫ Fgn1233-cd Version-

Samsung ≫ Fgn1133a-sa Firmware Version < 1.15.61

Samsung ≫ Fgn1133a-sa Version-

Samsung ≫ Fgn1233a-sa Firmware Version < 1.15.61

Samsung ≫ Fgn1233a-sa Version-

Samsung ≫ Fgn1133a-cd Firmware Version < 1.15.61

Samsung ≫ Fgn1133a-cd Version-

Samsung ≫ Fgn1233a-cd Firmware Version < 1.15.61

Samsung ≫ Fgn1233a-cd Version-

Samsung ≫ Fgn2135-sa Firmware Version < 1.15.61

Samsung ≫ Fgn2135-sa Version-

Samsung ≫ Fgn2235-cd Firmware Version < 1.15.61

Samsung ≫ Fgn2235-cd Version-

Samsung ≫ Fgn2235-sa Firmware Version < 1.15.61

Samsung ≫ Fgn2235-sa Version-

Samsung ≫ Fgn2135-cd Firmware Version < 1.15.61

Samsung ≫ Fgn2135-cd Version-

Samsung ≫ Fgn2122-sa Firmware Version < 1.15.61

Samsung ≫ Fgn2122-sa Version-

Samsung ≫ Fgn2222-sa Firmware Version < 1.15.61

Samsung ≫ Fgn2222-sa Version-

Samsung ≫ Fgn2212-sa Firmware Version < 1.15.61

Samsung ≫ Fgn2212-sa Version-

Samsung ≫ Fgn2122-cd Firmware Version < 1.15.61

Samsung ≫ Fgn2122-cd Version-

Samsung ≫ Fgn2222-cd Firmware Version < 1.15.61

Samsung ≫ Fgn2222-cd Version-

Samsung ≫ Fgn2212-cd Firmware Version < 1.15.61

Samsung ≫ Fgn2212-cd Version-

Samsung ≫ Fgn2222a-sa Firmware Version < 1.15.61

Samsung ≫ Fgn2222a-sa Version-

Samsung ≫ Fgn2122a-sa Firmware Version < 1.15.61

Samsung ≫ Fgn2122a-sa Version-

Samsung ≫ Fgn2122a-cd Firmware Version < 1.15.61

Samsung ≫ Fgn2122a-cd Version-

Samsung ≫ Fgn2222a-cd Firmware Version < 1.15.61

Samsung ≫ Fgn2222a-cd Version-

Samsung ≫ Fgn3132a-sa Firmware Version < 2.12.105

Samsung ≫ Fgn3132a-sa Version-

Samsung ≫ Fgn3132a-c Firmware Version < 2.12.105

Samsung ≫ Fgn3132a-c Version-

Samsung ≫ Fgn3232a-sa Firmware Version < 2.12.105

Samsung ≫ Fgn3232a-sa Version-

Samsung ≫ Fgn3232a-c Firmware Version < 2.12.105

Samsung ≫ Fgn3232a-c Version-

Samsung ≫ Fgn4321-sa Firmware Version < 1.00.06

Samsung ≫ Fgn4321-sa Version-

Samsung ≫ Fgn4321-cd Firmware Version < 1.00.06

Samsung ≫ Fgn4321-cd Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.26%	0.491

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://help.harmanpro.com/n1115-svsi-firmware

Release Notes

https://help.harmanpro.com/n1x22a-updater

Release Notes

https://help.harmanpro.com/n1x33-updater

Release Notes

https://help.harmanpro.com/n1x33a-updater

Release Notes

https://help.harmanpro.com/n2x35-updater-hotfix

Release Notes

https://help.harmanpro.com/n2x35a-updater-hotfix

Release Notes