PT-2023-26499 · Samsung · Samsung Harman Amx N-Series N3000 Video Encoder/Decoder+6

Notnotnotveg

·

Publicado

2023-07-20

·

Atualizado

2023-08-01

·

CVE-2023-38523

CVSS v3.1

5.3

Média

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions Samsung Harman AMX N-Series N1115 Wallplate Video Encoder versions prior to 1.15.61 Samsung Harman AMX N-Series N1x22A Video Encoder/Decoder versions prior to 1.15.61 Samsung Harman AMX N-Series N1x33A Video Encoder/Decoder versions prior to 1.15.61 Samsung Harman AMX N-Series N1x33 Video Encoder/Decoder versions prior to 1.15.61 Samsung Harman AMX N-Series N2x35 Video Encoder/Decoder versions prior to 1.15.61 Samsung Harman AMX N-Series N2x35A Video Encoder/Decoder versions prior to 1.15.61 Samsung Harman AMX N-Series N2xx2 Video Encoder/Decoder versions prior to 1.15.61 Samsung Harman AMX N-Series N2xx2A Video Encoder/Decoder versions prior to 1.15.61 Samsung Harman AMX N-Series N3000 Video Encoder/Decoder versions prior to 2.12.105 Samsung Harman AMX N-Series N4321 Audio Transceiver versions prior to 1.00.06
Description The web interface on multiple Samsung Harman AMX N-Series devices allows directory listing for the /tmp/ directory without authentication, exposing sensitive information such as command history and screenshots of files being processed.
Recommendations For Samsung Harman AMX N-Series N1115 Wallplate Video Encoder versions prior to 1.15.61, update to version 1.15.61 or later. For Samsung Harman AMX N-Series N1x22A Video Encoder/Decoder versions prior to 1.15.61, update to version 1.15.61 or later. For Samsung Harman AMX N-Series N1x33A Video Encoder/Decoder versions prior to 1.15.61, update to version 1.15.61 or later. For Samsung Harman AMX N-Series N1x33 Video Encoder/Decoder versions prior to 1.15.61, update to version 1.15.61 or later. For Samsung Harman AMX N-Series N2x35 Video Encoder/Decoder versions prior to 1.15.61, update to version 1.15.61 or later. For Samsung Harman AMX N-Series N2x35A Video Encoder/Decoder versions prior to 1.15.61, update to version 1.15.61 or later. For Samsung Harman AMX N-Series N2xx2 Video Encoder/Decoder versions prior to 1.15.61, update to version 1.15.61 or later. For Samsung Harman AMX N-Series N2xx2A Video Encoder/Decoder versions prior to 1.15.61, update to version 1.15.61 or later. For Samsung Harman AMX N-Series N3000 Video Encoder/Decoder versions prior to 2.12.105, update to version 2.12.105 or later. For Samsung Harman AMX N-Series N4321 Audio Transceiver versions prior to 1.00.06, update to version 1.00.06 or later.

Exploit

Correção

Missing Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-306

Identificadores relacionados

CVE-2023-38523

Produtos afetados

Samsung Harman Amx N-Series N1115 Wallplate Video Encoder
Samsung Harman Amx N-Series N1X22A Video Encoder/Decoder
Samsung Harman Amx N-Series N1X33A Video Encoder/Decoder
Samsung Harman Amx N-Series N2X35A Video Encoder/Decoder
Samsung Harman Amx N-Series N2Xx2A Video Encoder/Decoder
Samsung Harman Amx N-Series N3000 Video Encoder/Decoder
Samsung Harman Amx N-Series N4321 Audio Transceiver