Andrey Bezbodorov

**Name of the Vulnerable Software and Affected Versions** Samsung Web Viewer for Samsung DVR devices (affected versions not specified) **Description** The issue allows context-dependent attackers to obtain sensitive information. This can be achieved via two vectors: (1) direct access to a file or (2) the user-setup web page, due to the storage of credentials in cleartext. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Samsung Web Viewer for Samsung DVR devices (affected versions not specified) **Description** The issue allows remote attackers to bypass authentication by using an arbitrary SessionID value in a cookie. No information is available about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.