CVE-2018-11689

Name of the Vulnerable Software and Affected Versions Hanwha Web Viewer version 2.17 Samsung Web Viewer (affected versions not specified)

Description The issue affects the Web Viewer for Hanwha DVR and Smart Viewer in Samsung Web Viewer for Samsung DVR, allowing for XSS attacks. The vulnerability can be exploited via the /cgi-bin/webviewer login page API endpoint, specifically through the data3 parameter.

Recommendations For Hanwha Web Viewer version 2.17, avoid using the data3 parameter in the /cgi-bin/webviewer login page API endpoint until the issue is resolved. For Samsung Web Viewer, restrict access to the /cgi-bin/webviewer login page API endpoint to minimize the risk of exploitation, as the affected versions are not specified. At the moment, there is no information about a newer version that contains a fix for this vulnerability.