CVE-2023-38523: N1115 SVSI Firmware
The web interface on multiple Samsung Harman AMX N-Series devices allows directory listing for the /tmp/ directory, without authentication, exposing sensitive information such as the command history and screenshot of the file being processed. This affects N-Series N1115 Wallplate Video Encoder before 1.15.61, N-Series N1x22A Video Encoder/Decoder before 1.15.61, N-Series N1x33A Video Encoder/Decoder before 1.15.61, N-Series N1x33 Video Encoder/Decoder before 1.15.61, N-Series N2x35 Video Encoder/Decoder before 1.15.61, N-Series N2x35A Video Encoder/Decoder before 1.15.61, N-Series N2xx2 Video Encoder/Decoder before 1.15.61, N-Series N2xx2A Video Encoder/Decoder before 1.15.61, N-Series N3000 Video Encoder/Decoder before 2.12.105, and N-Series N4321 Audio Transceiver before 1.00.06.
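A fleet-triage sketch for the advisory above, added here as an example and not part of Harman's release notes: it maps a device's model and reported firmware to the fixed-version thresholds quoted in the CVE text. The function names and the sample inventory are assumptions; a lowercase "x" in a family name is treated as any single digit.

```python
import re

# Fixed-version thresholds copied from the CVE-2023-38523 text above.
# In a family name, a lowercase "x" stands for any single digit (assumption).
FIXED_IN = {
    "N1115": "1.15.61", "N1x22A": "1.15.61", "N1x33A": "1.15.61",
    "N1x33": "1.15.61", "N2x35": "1.15.61", "N2x35A": "1.15.61",
    "N2xx2": "1.15.61", "N2xx2A": "1.15.61",
    "N3000": "2.12.105", "N4321": "1.00.06",
}

def parse_version(text):
    """'v1.15.64' -> (1, 15, 64); a trailing letter such as '1.14.11b' is ignored."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)[a-z]?", text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(part) for part in m.groups())

def family_for(model):
    """Return the CVE family an exact model name belongs to, or None."""
    for family in FIXED_IN:
        pattern = "".join(r"\d" if ch == "x" else re.escape(ch) for ch in family)
        if re.fullmatch(pattern, model):
            return family
    return None

def triage(model, version):
    """Classify one device as 'affected', 'fixed', or 'not-listed'."""
    family = family_for(model)
    if family is None:
        return "not-listed"
    # Numeric tuple comparison: 1.15.9 < 1.15.61, which a string compare gets wrong.
    fixed = parse_version(FIXED_IN[family])
    return "affected" if parse_version(version) < fixed else "fixed"

# Constructed inventory (model, reported firmware), not real devices.
INVENTORY = [
    ("N1115", "v1.15.60"), ("N1115", "v1.15.64"), ("N1122A", "1.15.9"),
    ("N2412A", "1.15.61"), ("N3000", "2.12.99"), ("N4321", "1.00.06"),
    ("N9999", "1.0.0"),
]

if __name__ == "__main__":
    for model, version in INVENTORY:
        print(f"{model:8} {version:10} {triage(model, version)}")
```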
Product Name: N-Series N1115 Wallplate Video Encoder
FG #: FGN1115-WP-WH (NMX-ENC-N1115-WP)
Version: v1.15.64
Release Date: 03/16/2023
----------------------------------------------------------
1. Prerequisites
----------------------------------------------------------
- None
----------------------------------------------------------
2. Revision History
----------------------------------------------------------
Version 03/16/2023 (v1.5.64)
• Fixed improper SAP discovery packet showing in firmware versions 1.15.61, 1.15.62, 1.15.63
Version 02/20/2023 (v1.5.63)
• Added socket reset in the event of network communication seize.
Version 02/14/2023 (v1.5.62)
• Updated security for webpage
Version 02/02/2023 (v1.5.61)
• Removed /tmp folder access from webpage
Version 1/17/2023 (v1.15.60)
• Added a new IR command for DirecTV IR control using NetLinx to N2030
setSettings:irHexAlt:1 - to change the default IR to control DirecTV boxes
setSettings:irHexAlt:0 - to change back to the default IR control
Version 10/27/2022 (v1.55.57)
• Corrected an issue with AES67 and clocking.
Version 10/24/2022 (v1.15.56)
• Change N1115 HDMI input detection logic
• Fixed encoder randomly losing audio over time
Version 7/22/2022 (v1.15.55)
• Remove VLAN options from N1115 webpage
• PoE change to Class 3
Version 6/28/2022 (v1.15.52)
• Model hostname change for LLDP report
Version 5/13/2022 (v1.15.51)
• Fixes encoder HDMI detect issues with several sources
Version 10/08/2021 (v1.15.49)
• Fix AES67 streaming to Qsys devices
Version 09/21/2021 (v1.15.48)
• Fix stream changing issue
Version 05/18/2021 (v1.15.46)
• Fix DHCP when updating latest firmware from factory firmware
Version 01/21/2021 (v1.15.45)
• Fix analog audio stops after volume commands
Version 01/08/2021 (v1.15.44)
• N1xxx updated number of slides per playlist to 8
Version 4/22/2020 (v1.15.41)
• LLDP enables class 3 power for POE switches
Version 2/7/2020 (v1.15.40)
• Add new command to extend DHCP retry timing
New command "setSettings:dhcpAgain:300": 300 seconds after the unit
assigns itself an auto IP, the DHCP process starts again.
The user can change the 300 to the value they need.
Version 12/13/2019 (v1.15.39)
• Fix random dhcp failure after firmware update
Version 11/15/2019 (v1.15.38)
• Fix commands not working randomly after a reboot
Version 10/31/2019 (v1.15.37)
• Fix HDMI locking issue with certain laptops
Version 10/03/2019 (v1.15.34)
• Fix various issues with VLAN tagging on Decoder
Version 10/03/2019 (v1.15.31)
• Introduced VLAN tagging on Decoder
Version 07/18/2019 (v1.15.26)
• Fixed incorrect version reporting on webpage.
Version 07/10/2019 (v1.15.25)
• Remove VLAN Tagging for decoders for verification of encoders
Version 07/10/2019 (v1.15.24)
• Fixed AES67 Packet Length with VLAN Tagging on N2000A Encoders
Version 07/10/2019 (v1.15.23)
• Fixed AES67 Packet Length with VLAN Tagging on N1000A Encoders
Version 05/20/2019 (v1.15.21)
• Added vlan tagging for video/audio on decoders
Version 6/6/2018 (v1.15.18)
• Added a new optional IR method
• Add commands for relative volume controls
• Netlinx bugfix - buffer RS-232 serial responses to minimize data events
• Fix analog audio left/right bleed issue
• Improved IR output compatibility
• Disable SSL ciphers in TLS1.1 and older
• Improve detection of audio codec ESD event
• Add option ‘Resync HDMI on Live Play’ for compatibility with some displays
• Improve handling of serial data
• Correct issue with video artifacts
• Improve audio codec ESD resilience
• Updated web security to fix vulnerabilities
• Correct AES67 audio compatibility with QSC Core
• NetLinx bugfixes
• Add support for Samsung Touchpanel
• NetLinx bugfixes
• Correct playback of multichannel AES67 audio
• Corrected an issue with 1080i resolution
Version 9/8/2017 (v1.15.7):
• Corrected an issue with 1080i resolution
Version 9/8/2017 (v1.15.6):
• Fix potential issue where Hostplay can fail.
Version 8/31/2017 (v1.15.5)
• Improved camera standby support
• Improved detection of DVI vs. HDMI audio on certain sources
• AES67 defaults to port 5004 on factory restore
Version 8/29/2017 (v1.15.4)
• Added Stream Loss Action on web page; select None, HDMI Disable, or Standby mode
• Audio codec recovers from ESD faster
• AES67 limited to 239.x.x.x addresses
Version 8/2/2017 (v1.15.2)
• Netlinx 0.0.32: Defaults to RXON to automatically handle string responses
• Added additional HID touchscreens support
• Interleaved audio streams output correctly when in MPC mode
Version 7/19/2017 (v1.15.1)
• Improved handling of video sources in standby
Version 7/17/2017 (v1.15.0)
• Added ‘Display Hostplay on No Input’ feature that turns off encoder transmit when no input detected
• Added ‘Disable HDCP Advertising’ feature that no longer provides HDCP negotiation on encoder input
Version 7/13/2017 (v1.14.15)
• IR compatibility mode added for support of Foxtel devices
• Host play for Non Supported Mode no longer forces a restart every 30 seconds
• Netlinx 0.0.30: Bug fix
• Added additional touchscreen support
Known bug(s): 1080i is currently encoding incorrectly. Do not use this intermediate update on 1080i based installs.
Version 6/26/2017 (v1.14.14)
• Improved ability for audio codec to recover from ESD/shock
Version 6/14/2017 (v1.14.13)
• Microphone bias added and default bias is now OFF
Version 4/03/2017 (v1.14.11b)
• Correct time synchronization handling
Version 4/03/2017 (v1.14.11)
• Netlinx - Correct display of SVSI devices in Netlinx master webpage
• Netlinx - Correct handling of 1024 byte buffered RS-232 Rx data
• Netlinx - Add VIDOUT_ON-[ON/OFF], modify VIOUT_MUTE to send/disable avmute
• Netlinx - Correct truncation of getStatus API response.
• Increase KVM report size for Sharp touchpanel
----------------------------------------------------------
3. Known Issues
----------------------------------------------------------
• 7.1 audio rear and surround channels are distorted when MPC mode is disabled.