Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-38523

The web interface on multiple Samsung Harman AMX N-Series devices allows directory listing for the /tmp/ directory, without authentication, exposing sensitive information such as the command history and screenshot of the file being processed. This affects N-Series N1115 Wallplate Video Encoder before 1.15.61, N-Series N1x22A Video Encoder/Decoder before 1.15.61, N-Series N1x33A Video Encoder/Decoder before 1.15.61, N-Series N1x33 Video Encoder/Decoder before 1.15.61, N-Series N2x35 Video Encoder/Decoder before 1.15.61, N-Series N2x35A Video Encoder/Decoder before 1.15.61, N-Series N2xx2 Video Encoder/Decoder before 1.15.61, N-Series N2xx2A Video Encoder/Decoder before 1.15.61, N-Series N3000 Video Encoder/Decoder before 2.12.105, and N-Series N4321 Audio Transceiver before 1.00.06.

Published

2023-07-20T19:15:10.793

Last Modified

2024-11-21T08:13:45.303

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Primary
CWE-306

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	samsung	fgn1115-wp-wh_firmware	< 1.15.61	Yes
Hardware	samsung	fgn1115-wp-wh	-	No
Operating System	samsung	fgn1122-sa_firmware	< 1.15.61	Yes
Hardware	samsung	fgn1122-sa	-	No
Operating System	samsung	fgn1122-cd_firmware	< 1.15.61	Yes
Hardware	samsung	fgn1122-cd	-	No
Operating System	samsung	fgn1222-sa_firmware	< 1.15.61	Yes
Hardware	samsung	fgn1222-sa	-	No
Operating System	samsung	fgn1222-cd_firmware	< 1.15.61	Yes
Hardware	samsung	fgn1222-cd	-	No
Operating System	samsung	fgn1233-sa_firmware	< 1.15.61	Yes
Hardware	samsung	fgn1233-sa	-	No
Operating System	samsung	fgn1133-sa_firmware	< 1.15.61	Yes
Hardware	samsung	fgn1133-sa	-	No
Operating System	samsung	fgn1133-cd_firmware	< 1.15.61	Yes
Hardware	samsung	fgn1133-cd	-	No
Operating System	samsung	fgn1233-cd_firmware	< 1.15.61	Yes
Hardware	samsung	fgn1233-cd	-	No
Operating System	samsung	fgn1133a-sa_firmware	< 1.15.61	Yes
Hardware	samsung	fgn1133a-sa	-	No
Operating System	samsung	fgn1233a-sa_firmware	< 1.15.61	Yes
Hardware	samsung	fgn1233a-sa	-	No
Operating System	samsung	fgn1133a-cd_firmware	< 1.15.61	Yes
Hardware	samsung	fgn1133a-cd	-	No
Operating System	samsung	fgn1233a-cd_firmware	< 1.15.61	Yes
Hardware	samsung	fgn1233a-cd	-	No
Operating System	samsung	fgn2135-sa_firmware	< 1.15.61	Yes
Hardware	samsung	fgn2135-sa	-	No
Operating System	samsung	fgn2235-cd_firmware	< 1.15.61	Yes
Hardware	samsung	fgn2235-cd	-	No
Operating System	samsung	fgn2235-sa_firmware	< 1.15.61	Yes
Hardware	samsung	fgn2235-sa	-	No
Operating System	samsung	fgn2135-cd_firmware	< 1.15.61	Yes
Hardware	samsung	fgn2135-cd	-	No
Operating System	samsung	fgn2122-sa_firmware	< 1.15.61	Yes
Hardware	samsung	fgn2122-sa	-	No
Operating System	samsung	fgn2222-sa_firmware	< 1.15.61	Yes
Hardware	samsung	fgn2222-sa	-	No
Operating System	samsung	fgn2212-sa_firmware	< 1.15.61	Yes
Hardware	samsung	fgn2212-sa	-	No
Operating System	samsung	fgn2122-cd_firmware	< 1.15.61	Yes
Hardware	samsung	fgn2122-cd	-	No
Operating System	samsung	fgn2222-cd_firmware	< 1.15.61	Yes
Hardware	samsung	fgn2222-cd	-	No
Operating System	samsung	fgn2212-cd_firmware	< 1.15.61	Yes
Hardware	samsung	fgn2212-cd	-	No
Operating System	samsung	fgn2222a-sa_firmware	< 1.15.61	Yes
Hardware	samsung	fgn2222a-sa	-	No
Operating System	samsung	fgn2122a-sa_firmware	< 1.15.61	Yes
Hardware	samsung	fgn2122a-sa	-	No
Operating System	samsung	fgn2122a-cd_firmware	< 1.15.61	Yes
Hardware	samsung	fgn2122a-cd	-	No
Operating System	samsung	fgn2222a-cd_firmware	< 1.15.61	Yes
Hardware	samsung	fgn2222a-cd	-	No
Operating System	samsung	fgn3132a-sa_firmware	< 2.12.105	Yes
Hardware	samsung	fgn3132a-sa	-	No
Operating System	samsung	fgn3132a-c_firmware	< 2.12.105	Yes
Hardware	samsung	fgn3132a-c	-	No
Operating System	samsung	fgn3232a-sa_firmware	< 2.12.105	Yes
Hardware	samsung	fgn3232a-sa	-	No
Operating System	samsung	fgn3232a-c_firmware	< 2.12.105	Yes
Hardware	samsung	fgn3232a-c	-	No
Operating System	samsung	fgn4321-sa_firmware	< 1.00.06	Yes
Hardware	samsung	fgn4321-sa	-	No
Operating System	samsung	fgn4321-cd_firmware	< 1.00.06	Yes
Hardware	samsung	fgn4321-cd	-	No

References

https://help.harmanpro.com/n1115-svsi-firmware Release Notes ([email protected])
https://help.harmanpro.com/n1x22a-updater Release Notes ([email protected])
https://help.harmanpro.com/n1x33-updater Release Notes ([email protected])
https://help.harmanpro.com/n1x33a-updater Release Notes ([email protected])
https://help.harmanpro.com/n2x35-updater-hotfix Release Notes ([email protected])
https://help.harmanpro.com/n2x35a-updater-hotfix Release Notes ([email protected])
https://help.harmanpro.com/n2xx2-updater-hotfix Release Notes ([email protected])
https://help.harmanpro.com/n2xx2a-updater Release Notes ([email protected])
https://help.harmanpro.com/n3k-updater-hotfix Release Notes ([email protected])
https://help.harmanpro.com/svsi-n4321-firmware Release Notes ([email protected])
https://wiki.notveg.ninja/blog/CVE-2023-38523/ Exploit, Third Party Advisory ([email protected])
https://help.harmanpro.com/n1115-svsi-firmware Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://help.harmanpro.com/n1x22a-updater Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://help.harmanpro.com/n1x33-updater Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://help.harmanpro.com/n1x33a-updater Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://help.harmanpro.com/n2x35-updater-hotfix Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://help.harmanpro.com/n2x35a-updater-hotfix Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://help.harmanpro.com/n2xx2-updater-hotfix Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://help.harmanpro.com/n2xx2a-updater Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://help.harmanpro.com/n3k-updater-hotfix Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://help.harmanpro.com/svsi-n4321-firmware Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://wiki.notveg.ninja/blog/CVE-2023-38523/ Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)