CVE-2023-38523

moderate-risk
Published 2023-07-20

The web interface on multiple Samsung Harman AMX N-Series devices allows directory listing for the /tmp/ directory, without authentication, exposing sensitive information such as the command history and screenshot of the file being processed. This affects N-Series N1115 Wallplate Video Encoder before 1.15.61, N-Series N1x22A Video Encoder/Decoder before 1.15.61, N-Series N1x33A Video Encoder/Decoder before 1.15.61, N-Series N1x33 Video Encoder/Decoder before 1.15.61, N-Series N2x35 Video Encoder/Decoder before 1.15.61, N-Series N2x35A Video Encoder/Decoder before 1.15.61, N-Series N2xx2 Video Encoder/Decoder before 1.15.61, N-Series N2xx2A Video Encoder/Decoder before 1.15.61, N-Series N3000 Video Encoder/Decoder before 2.12.105, and N-Series N4321 Audio Transceiver before 1.00.06.

Do I need to act?

-
0.42% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.3/10 Medium
NETWORK / LOW complexity

Affected Products (20)

Fgn1115-Wp-Wh Firmware
Fgn1122-Sa Firmware
Fgn1122-Cd Firmware
Fgn1222-Sa Firmware
Fgn1222-Cd Firmware
Fgn1233-Sa Firmware
Fgn1133-Sa Firmware
Fgn1133-Cd Firmware
Fgn1233-Cd Firmware
Fgn1133A-Sa Firmware
Fgn1233A-Sa Firmware
Fgn1133A-Cd Firmware
Fgn1233A-Cd Firmware
Fgn2135-Sa Firmware
Fgn2235-Cd Firmware
Fgn2235-Sa Firmware
Fgn2135-Cd Firmware
Fgn2122-Sa Firmware
Fgn2222-Sa Firmware
Fgn2212-Sa Firmware

Affected Vendors

Samsung

References (22)

Release Notes https://help.harmanpro.com/n1115-svsi-firmware
Release Notes https://help.harmanpro.com/n1x22a-updater
Release Notes https://help.harmanpro.com/n1x33-updater
Release Notes https://help.harmanpro.com/n1x33a-updater
Release Notes https://help.harmanpro.com/n2x35-updater-hotfix
Release Notes https://help.harmanpro.com/n2x35a-updater-hotfix
Release Notes https://help.harmanpro.com/n2xx2-updater-hotfix
Release Notes https://help.harmanpro.com/n2xx2a-updater
Release Notes https://help.harmanpro.com/n3k-updater-hotfix
Release Notes https://help.harmanpro.com/svsi-n4321-firmware
Exploit https://wiki.notveg.ninja/blog/CVE-2023-38523/
Release Notes https://help.harmanpro.com/n1115-svsi-firmware
Release Notes https://help.harmanpro.com/n1x22a-updater
Release Notes https://help.harmanpro.com/n1x33-updater
Release Notes https://help.harmanpro.com/n1x33a-updater
Release Notes https://help.harmanpro.com/n2x35-updater-hotfix
Release Notes https://help.harmanpro.com/n2x35a-updater-hotfix
Release Notes https://help.harmanpro.com/n2xx2-updater-hotfix
Release Notes https://help.harmanpro.com/n2xx2a-updater
Release Notes https://help.harmanpro.com/n3k-updater-hotfix
and 2 more references
46
/ 100
moderate-risk
Severity 21/34 · High
Exploitability 2/34 · Minimal
Exposure 23/34 · High