CVE-2018-11689
MEDIUM
Samsung Smart Viewer and Hanwha DVR Web Viewer - Cross-Site Scripting via data3 Parameter
Title source: llm
Description
Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewer_login_page data3 parameter. (The same Web Viewer codebase was transitioned from Samsung to Hanwha.)
References (4)
Exploit, Third Party Advisory, VDB Entry, URL Repurposed mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/542083/100/0/threaded
Third Party Advisory x_refsource_misc
https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11689
Exploit, Third Party Advisory x_refsource_misc
https://drive.google.com/file/d/1aWbvdrx1KRkUv4ikkm530a2N5qrxCLmr/view?usp=sharing
Exploit, Mailing List, Third Party Advisory x_refsource_misc
https://seclists.org/bugtraq/2018/Jun/40
Scores
CVSS v3
6.1
EPSS
0.0056
EPSS Percentile
68.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (10)
hanwha-security/hrd-1641_firmware
< 1.14
hanwha-security/hrd-1642_firmware
< 1.16
hanwha-security/hrd-440_firmware
< 1.14
hanwha-security/hrd-442_firmware
< 1.16
hanwha-security/hrd-443_firmware
< 1.14
hanwha-security/hrd-840_firmware
< 1.14
hanwha-security/hrd-841_firmware
< 1.14
hanwha-security/hrd-842_firmware
< 1.16
hanwha-security/srd-1694u_firmware
< 1.14
samsung/smartviewer
Published
Jun 14, 2018
Tracked Since
Feb 18, 2026