CVSS2: 4.3 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3: 6.1 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | CHANGED |
Confidentiality Impact | LOW |
Integrity Impact | LOW |
Availability Impact | NONE |

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score: 6.1 Medium (Confidence: High)

EPSS: 0.095 Low (Percentile: 94.8%)
Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewer_login_page data3 parameter. (The same Web Viewer codebase was transitioned from Samsung to Hanwha.)
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
```nasl
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(502281);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/27");

  script_cve_id("CVE-2018-11689");

  script_name(english:"Hanwha Vision Web Viewer Cross-site Scripting (CVE-2018-11689)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer
for Samsung DVR are vulnerable to XSS via the /cgi-
bin/webviewer_login_page data3 parameter. (The same Web Viewer
codebase was transitioned from Samsung to Hanwha.)

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # https://www.hanwhavision.com/wp-content/uploads/2021/10/DVR-Vulnerability-Report_CVE-2018-11689.pdf
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2076d2c8");
  script_set_attribute(attribute:"see_also", value:"https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11689");
  script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/archive/1/542083/100/0/threaded");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2018/Jun/40");
  # https://drive.google.com/file/d/1aWbvdrx1KRkUv4ikkm530a2N5qrxCLmr/view?usp=sharing
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?00411a59");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-11689");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(79);

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/06/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/06/26");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwha-security:hrd-1641_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwha-security:hrd-1642_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwha-security:hrd-440_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwha-security:hrd-442_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwha-security:hrd-443_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwha-security:hrd-840_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwha-security:hrd-841_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwha-security:hrd-842_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/HanwhaVision");

  exit(0);
}

include('tenable_ot_cve_funcs.inc');

# Only run when the Tenable.ot integration has discovered a Hanwha Vision asset.
get_kb_item_or_exit('Tenable.ot/HanwhaVision');

var asset = tenable_ot::assets::get(vendor:'HanwhaVision');

# Affected recorder firmware, keyed by CPE; each entry gives the highest
# affected version (inclusive) and the asset family to match against.
var vuln_cpes = {
  "cpe:/o:hanwha-security:hrd-1642_firmware" :
    {"versionEndIncluding" : "1.16", "family" : "HanwhaVideoRecorders"},
  "cpe:/o:hanwha-security:hrd-842_firmware" :
    {"versionEndIncluding" : "1.16", "family" : "HanwhaVideoRecorders"},
  "cpe:/o:hanwha-security:hrd-442_firmware" :
    {"versionEndIncluding" : "1.16", "family" : "HanwhaVideoRecorders"},
  "cpe:/o:hanwha-security:hrd-1641_firmware" :
    {"versionEndIncluding" : "1.14", "family" : "HanwhaVideoRecorders"},
  "cpe:/o:hanwha-security:hrd-841_firmware" :
    {"versionEndIncluding" : "1.14", "family" : "HanwhaVideoRecorders"},
  "cpe:/o:hanwha-security:hrd-840_firmware" :
    {"versionEndIncluding" : "1.14", "family" : "HanwhaVideoRecorders"},
  "cpe:/o:hanwha-security:hrd-440_firmware" :
    {"versionEndIncluding" : "1.14", "family" : "HanwhaVideoRecorders"},
  "cpe:/o:hanwha-security:hrd-443_firmware" :
    {"versionEndIncluding" : "1.14", "family" : "HanwhaVideoRecorders"},
  "cpe:/o:hanwha-security:srd-1694u_firmware" :
    {"versionEndIncluding" : "1.14", "family" : "HanwhaVideoRecorders"}
};

# Compare the discovered asset's CPE and version against the table above and
# report a warning-severity finding when it falls inside an affected range.
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
```
Vendor | Product | Version | CPE |
---|---|---|---|
hanwha-security | hrd-841_firmware | | cpe:/o:hanwha-security:hrd-841_firmware |
hanwha-security | hrd-443_firmware | | cpe:/o:hanwha-security:hrd-443_firmware |
hanwha-security | hrd-1641_firmware | | cpe:/o:hanwha-security:hrd-1641_firmware |
hanwha-security | hrd-842_firmware | | cpe:/o:hanwha-security:hrd-842_firmware |
hanwha-security | hrd-442_firmware | | cpe:/o:hanwha-security:hrd-442_firmware |
hanwha-security | hrd-440_firmware | | cpe:/o:hanwha-security:hrd-440_firmware |
hanwha-security | hrd-1642_firmware | | cpe:/o:hanwha-security:hrd-1642_firmware |
hanwha-security | hrd-840_firmware | | cpe:/o:hanwha-security:hrd-840_firmware |