Samsung DVR Authentication Bypass
Information
Severity: High
Family: Web application abuses
CVSSv2 Base: 7.6
CVSSv2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Solution Type: Vendor Patch
Created: 10 years ago
Modified: 5 years ago
Summary
The remote Samsung DVR is prone to an authentication bypass.
Insight
In most of the CGIs on the Samsung DVR, the session check is implemented incorrectly, which allows access to protected pages simply by putting an arbitrary cookie into the HTTP request.
Affected Software
Samsung DVR with firmware version <= 1.10.
Detection Method
Check if /cgi-bin/setup_user is accessible without authentication.
Solution
Ask the vendor for an update.