Vulnerability Details : CVE-2023-38523
The web interface on multiple Samsung Harman AMX N-Series devices allows directory listing for the /tmp/ directory, without authentication, exposing sensitive information such as the command history and screenshot of the file being processed. This affects N-Series N1115 Wallplate Video Encoder before 1.15.61, N-Series N1x22A Video Encoder/Decoder before 1.15.61, N-Series N1x33A Video Encoder/Decoder before 1.15.61, N-Series N1x33 Video Encoder/Decoder before 1.15.61, N-Series N2x35 Video Encoder/Decoder before 1.15.61, N-Series N2x35A Video Encoder/Decoder before 1.15.61, N-Series N2xx2 Video Encoder/Decoder before 1.15.61, N-Series N2xx2A Video Encoder/Decoder before 1.15.61, N-Series N3000 Video Encoder/Decoder before 2.12.105, and N-Series N4321 Audio Transceiver before 1.00.06.
Products affected by CVE-2023-38523
- cpe:2.3:o:samsung:fgn1115-wp-wh_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:fgn1122-sa_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:fgn1122-cd_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:fgn1222-sa_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:fgn1222-cd_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:fgn1233-sa_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:fgn1133-sa_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:fgn1133-cd_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:fgn1233-cd_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:fgn1133a-sa_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:fgn1233a-sa_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:fgn1133a-cd_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:fgn1233a-cd_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:fgn2135-sa_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:fgn2235-cd_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:fgn2235-sa_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:fgn2135-cd_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:fgn2122-sa_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:fgn2222-sa_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:fgn2212-sa_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:fgn2122-cd_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:fgn2222-cd_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:fgn2212-cd_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:fgn2222a-sa_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:fgn2122a-sa_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:fgn2122a-cd_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:fgn2222a-cd_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:fgn3132a-sa_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:fgn3132a-c_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:fgn3232a-sa_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:fgn3232a-c_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:fgn4321-sa_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:fgn4321-cd_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-38523
- EPSS score: 0.28% (probability of exploitation activity in the next 30 days)
- Percentile: ~69% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2023-38523
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 | NIST | |
CWE ids for CVE-2023-38523
- The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-38523
- https://help.harmanpro.com/n2x35-updater-hotfix
  N2x35 Updater Hotfix (Release Notes)
- https://help.harmanpro.com/n1x33-updater
  N1x33 Updater Hotfix (Release Notes)
- https://help.harmanpro.com/n1x22a-updater
  N1x22A Updater Hotfix (Release Notes)
- https://help.harmanpro.com/n3k-updater-hotfix
  N3K Updater Hotfix (Release Notes)
- https://help.harmanpro.com/n1115-svsi-firmware
  N1115 SVSI Firmware (Release Notes)
- https://help.harmanpro.com/n1x33a-updater
  N1x33A Updater Hotfix (Release Notes)
- https://help.harmanpro.com/n2xx2-updater-hotfix
  N2xx2 Updater Hotfix (Release Notes)
- https://wiki.notveg.ninja/blog/CVE-2023-38523/
  CVE-2023-38523 - Wiki notnotnotveg (Exploit; Third Party Advisory)
- https://help.harmanpro.com/n2x35a-updater-hotfix
  N2x35A Updater Hotfix (Release Notes)
- https://help.harmanpro.com/n2xx2a-updater
  N2xx2A Updater Hotfix (Release Notes)
- https://help.harmanpro.com/svsi-n4321-firmware
  SVSI N4321 Firmware (Release Notes)