CVE-2023-38523

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-38523
The web interface on multiple Samsung Harman AMX N-Series devices allows directory listing for the /tmp/ directory, without authentication, exposing sensitive information such as the command history and screenshot of the file being processed. This affects N-Series N1115 Wallplate Video Encoder before 1.15.61, N-Series N1x22A Video Encoder/Decoder before 1.15.61, N-Series N1x33A Video Encoder/Decoder before 1.15.61, N-Series N1x33 Video Encoder/Decoder before 1.15.61, N-Series N2x35 Video Encoder/Decoder before 1.15.61, N-Series N2x35A Video Encoder/Decoder before 1.15.61, N-Series N2xx2 Video Encoder/Decoder before 1.15.61, N-Series N2xx2A Video Encoder/Decoder before 1.15.61, N-Series N3000 Video Encoder/Decoder before 2.12.105, and N-Series N4321 Audio Transceiver before 1.00.06.

5.3 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://help.harmanpro.com/n1115-svsi-firmware Release Notes
https://wiki.notveg.ninja/blog/CVE-2023-38523/ Exploit Third Party Advisory
https://help.harmanpro.com/n2x35-updater-hotfix Release Notes
https://help.harmanpro.com/n1x22a-updater Release Notes
https://help.harmanpro.com/svsi-n4321-firmware Release Notes
https://help.harmanpro.com/n2xx2a-updater Release Notes
https://help.harmanpro.com/n2xx2-updater-hotfix Release Notes
https://help.harmanpro.com/n1x33a-updater Release Notes
https://help.harmanpro.com/n1x33-updater Release Notes
https://help.harmanpro.com/n3k-updater-hotfix Release Notes
https://help.harmanpro.com/n2x35a-updater-hotfix Release Notes
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:samsung:fgn1115-wp-wh_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn1115-wp-wh:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:samsung:fgn1122-sa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn1122-sa:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:samsung:fgn1122-cd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn1122-cd:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:samsung:fgn1222-sa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn1222-sa:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:samsung:fgn1222-cd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn1222-cd:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:samsung:fgn1233-sa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn1233-sa:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:samsung:fgn1133-sa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn1133-sa:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:samsung:fgn1133-cd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn1133-cd:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:samsung:fgn1233-cd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn1233-cd:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:samsung:fgn1133a-sa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn1133a-sa:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:samsung:fgn1233a-sa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn1233a-sa:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:samsung:fgn1133a-cd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn1133a-cd:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:samsung:fgn1233a-cd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn1233a-cd:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:samsung:fgn2135-sa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn2135-sa:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:samsung:fgn2235-cd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn2235-cd:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:samsung:fgn2235-sa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn2235-sa:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:samsung:fgn2135-cd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn2135-cd:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:samsung:fgn2122-sa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn2122-sa:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:samsung:fgn2222-sa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn2222-sa:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:samsung:fgn2212-sa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn2212-sa:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:samsung:fgn2122-cd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn2122-cd:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:samsung:fgn2222-cd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn2222-cd:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:samsung:fgn2212-cd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn2212-cd:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:samsung:fgn2222a-sa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn2222a-sa:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND
cpe:2.3:o:samsung:fgn2122a-sa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn2122a-sa:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND
cpe:2.3:o:samsung:fgn2122a-cd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn2122a-cd:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND
cpe:2.3:o:samsung:fgn2222a-cd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn2222a-cd:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND
cpe:2.3:o:samsung:fgn3132a-sa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn3132a-sa:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND
cpe:2.3:o:samsung:fgn3132a-c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn3132a-c:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND
cpe:2.3:o:samsung:fgn3232a-sa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn3232a-sa:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND
cpe:2.3:o:samsung:fgn3232a-c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn3232a-c:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND
cpe:2.3:o:samsung:fgn4321-sa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn4321-sa:-:*:*:*:*:*:*:*

Configuration 33 (hide)

AND
cpe:2.3:o:samsung:fgn4321-cd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn4321-cd:-:*:*:*:*:*:*:*
Information

Published : 2023-07-20 19:15

Updated : 2023-08-01 15:24

NVD link : CVE-2023-38523

Mitre link : CVE-2023-38523

JSON object : View

Products Affected

samsung

  • fgn1133a-cd_firmware
  • fgn2122-sa
  • fgn2122-cd_firmware
  • fgn2222-sa
  • fgn2122a-cd_firmware
  • fgn1133a-sa_firmware
  • fgn2222a-sa_firmware
  • fgn2222a-sa
  • fgn3132a-c_firmware
  • fgn3232a-sa
  • fgn4321-sa
  • fgn1233a-sa_firmware
  • fgn1222-sa
  • fgn1233-cd_firmware
  • fgn1133a-cd
  • fgn3132a-sa_firmware
  • fgn1122-cd_firmware
  • fgn4321-cd
  • fgn1233a-cd
  • fgn1122-sa_firmware
  • fgn1115-wp-wh_firmware
  • fgn1133-cd
  • fgn2122a-cd
  • fgn1233a-sa
  • fgn2212-cd_firmware
  • fgn2235-sa_firmware
  • fgn2235-cd_firmware
  • fgn1222-sa_firmware
  • fgn2235-cd
  • fgn2212-sa_firmware
  • fgn1122-cd
  • fgn2122-cd
  • fgn1122-sa
  • fgn1222-cd
  • fgn3232a-c_firmware
  • fgn3132a-sa
  • fgn2222a-cd_firmware
  • fgn2135-cd
  • fgn3232a-c
  • fgn2212-cd
  • fgn1233-sa_firmware
  • fgn2122-sa_firmware
  • fgn1133a-sa
  • fgn1222-cd_firmware
  • fgn2135-sa_firmware
  • fgn2222a-cd
  • fgn2135-cd_firmware
  • fgn2135-sa
  • fgn1233-sa
  • fgn1115-wp-wh
  • fgn1133-cd_firmware
  • fgn1133-sa_firmware
  • fgn2122a-sa
  • fgn2212-sa
  • fgn2122a-sa_firmware
  • fgn3132a-c
  • fgn3232a-sa_firmware
  • fgn1233-cd
  • fgn2222-sa_firmware
  • fgn4321-cd_firmware
  • fgn2235-sa
  • fgn1133-sa
  • fgn4321-sa_firmware
  • fgn2222-cd
  • fgn2222-cd_firmware
  • fgn1233a-cd_firmware
CWE
CWE-306

Missing Authentication for Critical Function