CVE-2023-38523

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-38523
The web interface on multiple Samsung Harman AMX N-Series devices allows directory listing for the /tmp/ directory, without authentication, exposing sensitive information such as the command history and screenshot of the file being processed. This affects N-Series N1115 Wallplate Video Encoder before 1.15.61, N-Series N1x22A Video Encoder/Decoder before 1.15.61, N-Series N1x33A Video Encoder/Decoder before 1.15.61, N-Series N1x33 Video Encoder/Decoder before 1.15.61, N-Series N2x35 Video Encoder/Decoder before 1.15.61, N-Series N2x35A Video Encoder/Decoder before 1.15.61, N-Series N2xx2 Video Encoder/Decoder before 1.15.61, N-Series N2xx2A Video Encoder/Decoder before 1.15.61, N-Series N3000 Video Encoder/Decoder before 2.12.105, and N-Series N4321 Audio Transceiver before 1.00.06.

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://help.harmanpro.com/n1115-svsi-firmware Release Notes
https://help.harmanpro.com/n1x22a-updater Release Notes
https://help.harmanpro.com/n1x33-updater Release Notes
https://help.harmanpro.com/n1x33a-updater Release Notes
https://help.harmanpro.com/n2x35-updater-hotfix Release Notes
https://help.harmanpro.com/n2x35a-updater-hotfix Release Notes
https://help.harmanpro.com/n2xx2-updater-hotfix Release Notes
https://help.harmanpro.com/n2xx2a-updater Release Notes
https://help.harmanpro.com/n3k-updater-hotfix Release Notes
https://help.harmanpro.com/svsi-n4321-firmware Release Notes
https://wiki.notveg.ninja/blog/CVE-2023-38523/ Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:samsung:fgn1115-wp-wh_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn1115-wp-wh:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:samsung:fgn1122-sa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn1122-sa:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:samsung:fgn1122-cd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn1122-cd:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:samsung:fgn1222-sa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn1222-sa:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:samsung:fgn1222-cd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn1222-cd:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:samsung:fgn1233-sa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn1233-sa:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:samsung:fgn1133-sa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn1133-sa:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:samsung:fgn1133-cd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn1133-cd:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:samsung:fgn1233-cd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn1233-cd:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:samsung:fgn1133a-sa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn1133a-sa:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:samsung:fgn1233a-sa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn1233a-sa:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:samsung:fgn1133a-cd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn1133a-cd:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:samsung:fgn1233a-cd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn1233a-cd:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:samsung:fgn2135-sa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn2135-sa:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:samsung:fgn2235-cd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn2235-cd:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:samsung:fgn2235-sa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn2235-sa:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:samsung:fgn2135-cd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn2135-cd:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:samsung:fgn2122-sa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn2122-sa:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:samsung:fgn2222-sa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn2222-sa:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:samsung:fgn2212-sa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn2212-sa:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:samsung:fgn2122-cd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn2122-cd:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:samsung:fgn2222-cd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn2222-cd:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:samsung:fgn2212-cd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn2212-cd:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:samsung:fgn2222a-sa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn2222a-sa:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND
cpe:2.3:o:samsung:fgn2122a-sa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn2122a-sa:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND
cpe:2.3:o:samsung:fgn2122a-cd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn2122a-cd:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND
cpe:2.3:o:samsung:fgn2222a-cd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn2222a-cd:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND
cpe:2.3:o:samsung:fgn3132a-sa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn3132a-sa:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND
cpe:2.3:o:samsung:fgn3132a-c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn3132a-c:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND
cpe:2.3:o:samsung:fgn3232a-sa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn3232a-sa:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND
cpe:2.3:o:samsung:fgn3232a-c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn3232a-c:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND
cpe:2.3:o:samsung:fgn4321-sa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn4321-sa:-:*:*:*:*:*:*:*

Configuration 33 (hide)

AND
cpe:2.3:o:samsung:fgn4321-cd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn4321-cd:-:*:*:*:*:*:*:*
History

01 Aug 2023, 15:24

Type Values Removed Values Added
First Time Samsung fgn2222a-sa Firmware
Samsung fgn3132a-sa
Samsung fgn1122-cd
Samsung fgn3132a-sa Firmware
Samsung fgn1233-cd
Samsung fgn2235-sa Firmware
Samsung fgn1115-wp-wh Firmware
Samsung fgn2212-cd
Samsung fgn1122-sa
Samsung fgn1233-sa
Samsung fgn1233-cd Firmware
Samsung fgn2222a-cd Firmware
Samsung fgn1233a-cd Firmware
Samsung fgn1133-cd
Samsung fgn2122a-cd Firmware
Samsung fgn4321-sa Firmware
Samsung fgn2135-cd
Samsung fgn1233-sa Firmware
Samsung fgn1133-sa
Samsung fgn1222-sa Firmware
Samsung fgn1233a-cd
Samsung fgn2122-sa Firmware
Samsung fgn2122-cd Firmware
Samsung fgn2122a-sa Firmware
Samsung fgn2222-cd
Samsung fgn1222-sa
Samsung fgn1233a-sa
Samsung fgn2212-cd Firmware
Samsung fgn4321-sa
Samsung fgn1122-sa Firmware
Samsung fgn1133a-cd
Samsung fgn1133a-sa
Samsung fgn2122a-cd
Samsung fgn2135-cd Firmware
Samsung fgn1115-wp-wh
Samsung fgn2135-sa Firmware
Samsung fgn2235-cd Firmware
Samsung fgn3132a-c Firmware
Samsung fgn2235-sa
Samsung fgn2122a-sa
Samsung fgn2222-cd Firmware
Samsung fgn2212-sa Firmware
Samsung fgn4321-cd Firmware
Samsung fgn4321-cd
Samsung
Samsung fgn2222a-sa
Samsung fgn1133-sa Firmware
Samsung fgn1133-cd Firmware
Samsung fgn2135-sa
Samsung fgn2222-sa
Samsung fgn1233a-sa Firmware
Samsung fgn2212-sa
Samsung fgn2122-cd
Samsung fgn3232a-sa Firmware
Samsung fgn2235-cd
Samsung fgn1222-cd
Samsung fgn2222a-cd
Samsung fgn2122-sa
Samsung fgn3132a-c
Samsung fgn2222-sa Firmware
Samsung fgn1222-cd Firmware
Samsung fgn3232a-sa
Samsung fgn1133a-sa Firmware
Samsung fgn1122-cd Firmware
Samsung fgn3232a-c Firmware
Samsung fgn3232a-c
Samsung fgn1133a-cd Firmware
References (MISC) https://wiki.notveg.ninja/blog/CVE-2023-38523/ - (MISC) https://wiki.notveg.ninja/blog/CVE-2023-38523/ - Exploit, Third Party Advisory
References (MISC) https://help.harmanpro.com/svsi-n4321-firmware - (MISC) https://help.harmanpro.com/svsi-n4321-firmware - Release Notes
References (MISC) https://help.harmanpro.com/n2xx2-updater-hotfix - (MISC) https://help.harmanpro.com/n2xx2-updater-hotfix - Release Notes
References (MISC) https://help.harmanpro.com/n1115-svsi-firmware - (MISC) https://help.harmanpro.com/n1115-svsi-firmware - Release Notes
References (MISC) https://help.harmanpro.com/n1x33a-updater - (MISC) https://help.harmanpro.com/n1x33a-updater - Release Notes
References (MISC) https://help.harmanpro.com/n1x33-updater - (MISC) https://help.harmanpro.com/n1x33-updater - Release Notes
References (MISC) https://help.harmanpro.com/n2x35a-updater-hotfix - (MISC) https://help.harmanpro.com/n2x35a-updater-hotfix - Release Notes
References (MISC) https://help.harmanpro.com/n3k-updater-hotfix - (MISC) https://help.harmanpro.com/n3k-updater-hotfix - Release Notes
References (MISC) https://help.harmanpro.com/n2x35-updater-hotfix - (MISC) https://help.harmanpro.com/n2x35-updater-hotfix - Release Notes
References (MISC) https://help.harmanpro.com/n2xx2a-updater - (MISC) https://help.harmanpro.com/n2xx2a-updater - Release Notes
References (MISC) https://help.harmanpro.com/n1x22a-updater - (MISC) https://help.harmanpro.com/n1x22a-updater - Release Notes
CWE CWE-306
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.3
CPE cpe:2.3:o:samsung:fgn2222a-cd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:samsung:fgn1233-cd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:samsung:fgn2122-cd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:samsung:fgn2122a-sa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn3232a-c:-:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn2122-sa:-:*:*:*:*:*:*:*
cpe:2.3:o:samsung:fgn1133a-cd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:samsung:fgn1233a-sa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn1122-sa:-:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn1133a-sa:-:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn3232a-sa:-:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn1133-cd:-:*:*:*:*:*:*:*
cpe:2.3:o:samsung:fgn4321-cd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:samsung:fgn3232a-c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn1233a-cd:-:*:*:*:*:*:*:*
cpe:2.3:o:samsung:fgn1233a-cd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn2135-sa:-:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn2235-sa:-:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn2122-cd:-:*:*:*:*:*:*:*
cpe:2.3:o:samsung:fgn2212-sa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn3132a-sa:-:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn1115-wp-wh:-:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn2222-sa:-:*:*:*:*:*:*:*
cpe:2.3:o:samsung:fgn2222a-sa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn1222-cd:-:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn1233-cd:-:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn4321-cd:-:*:*:*:*:*:*:*
cpe:2.3:o:samsung:fgn2212-cd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn2122a-sa:-:*:*:*:*:*:*:*
cpe:2.3:o:samsung:fgn3132a-sa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:samsung:fgn2235-sa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:samsung:fgn2222-cd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:samsung:fgn2135-cd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:samsung:fgn2222-sa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn1122-cd:-:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn1222-sa:-:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn1133-sa:-:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn1133a-cd:-:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn2212-sa:-:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn2212-cd:-:*:*:*:*:*:*:*
cpe:2.3:o:samsung:fgn3132a-c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn2122a-cd:-:*:*:*:*:*:*:*
cpe:2.3:o:samsung:fgn1115-wp-wh_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:samsung:fgn4321-sa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:samsung:fgn1222-cd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn3132a-c:-:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn2222a-cd:-:*:*:*:*:*:*:*
cpe:2.3:o:samsung:fgn1133-cd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn2222a-sa:-:*:*:*:*:*:*:*
cpe:2.3:o:samsung:fgn1133-sa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:samsung:fgn1222-sa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:samsung:fgn2235-cd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:samsung:fgn2135-sa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn2222-cd:-:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn1233-sa:-:*:*:*:*:*:*:*
cpe:2.3:o:samsung:fgn1133a-sa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:samsung:fgn3232a-sa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn1233a-sa:-:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn2235-cd:-:*:*:*:*:*:*:*
cpe:2.3:o:samsung:fgn1233-sa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn4321-sa:-:*:*:*:*:*:*:*
cpe:2.3:o:samsung:fgn2122a-cd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:fgn2135-cd:-:*:*:*:*:*:*:*
cpe:2.3:o:samsung:fgn1122-sa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:samsung:fgn1122-cd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:samsung:fgn2122-sa_firmware:*:*:*:*:*:*:*:*

20 Jul 2023, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-07-20 19:15

Updated : 2024-02-28 20:33

NVD link : CVE-2023-38523

Mitre link : CVE-2023-38523

CVE.ORG link : CVE-2023-38523

JSON object : View

Products Affected

samsung

  • fgn1133-cd
  • fgn1133-sa
  • fgn1233-sa
  • fgn2122-cd_firmware
  • fgn2212-sa
  • fgn3232a-sa_firmware
  • fgn2212-sa_firmware
  • fgn1115-wp-wh_firmware
  • fgn3232a-c
  • fgn2135-cd
  • fgn2212-cd
  • fgn1233a-cd_firmware
  • fgn1133a-cd
  • fgn2135-sa_firmware
  • fgn1122-cd_firmware
  • fgn1222-cd
  • fgn1133a-cd_firmware
  • fgn2212-cd_firmware
  • fgn3232a-sa
  • fgn1233-cd
  • fgn2222-sa
  • fgn1233-sa_firmware
  • fgn1122-cd
  • fgn2122-sa_firmware
  • fgn1233a-cd
  • fgn2222-sa_firmware
  • fgn2222a-sa_firmware
  • fgn1133-sa_firmware
  • fgn1122-sa
  • fgn3232a-c_firmware
  • fgn2135-cd_firmware
  • fgn1133a-sa
  • fgn1222-cd_firmware
  • fgn3132a-sa
  • fgn2135-sa
  • fgn2235-cd
  • fgn2122a-cd_firmware
  • fgn1122-sa_firmware
  • fgn2122a-cd
  • fgn1222-sa_firmware
  • fgn1133-cd_firmware
  • fgn2235-cd_firmware
  • fgn1222-sa
  • fgn3132a-c_firmware
  • fgn1133a-sa_firmware
  • fgn4321-sa
  • fgn2235-sa_firmware
  • fgn2122a-sa_firmware
  • fgn2122-sa
  • fgn2122-cd
  • fgn2235-sa
  • fgn3132a-sa_firmware
  • fgn2222a-cd_firmware
  • fgn2222a-cd
  • fgn4321-cd_firmware
  • fgn2122a-sa
  • fgn1233a-sa_firmware
  • fgn1233-cd_firmware
  • fgn2222-cd
  • fgn4321-cd
  • fgn2222a-sa
  • fgn1115-wp-wh
  • fgn3132a-c
  • fgn2222-cd_firmware
  • fgn4321-sa_firmware
  • fgn1233a-sa
CWE
CWE-306

Missing Authentication for Critical Function


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024