HIGH · 8.1

CVE-2017-14262

Vulnerability Description

On Samsung NVR devices, remote attackers can read the MD5 password hash of the 'admin' account via certain szUserName JSON data to cgi-bin/main-cgi, and login to the device with that hash in the szUserPasswd parameter.

CVSS Score

8.1 HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

Vendor | Product | Versions
Samsung | Srn 1670D Firmware | -
Samsung | Srn 1670D | -
Samsung | Srn 1000 Firmware | -
Samsung | Srn 1000 | -
Samsung | Srn 472S Firmware | -
Samsung | Srn 472S | -
Samsung | Srn 470D Firmware | -
Samsung | Srn 470D | -

Related Weaknesses (CWE)

References

FAQ

What is CVE-2017-14262?

CVE-2017-14262 is a vulnerability with a CVSS score of 8.1 (HIGH). On Samsung NVR devices, remote attackers can read the MD5 password hash of the 'admin' account via certain szUserName JSON data to cgi-bin/main-cgi, and login to the device with that hash in the szUse...

How severe is CVE-2017-14262?

CVE-2017-14262 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-14262?

Check the references section above for vendor advisories and patch information. Affected products include: Samsung Srn 1670D Firmware, Samsung Srn 1670D, Samsung Srn 1000 Firmware, Samsung Srn 1000, Samsung Srn 472S Firmware.