
CVE-2023-38523: N1115 SVSI Firmware

The web interface on multiple Samsung Harman AMX N-Series devices allows directory listing for the /tmp/ directory, without authentication, exposing sensitive information such as the command history and screenshot of the file being processed. This affects N-Series N1115 Wallplate Video Encoder before 1.15.61, N-Series N1x22A Video Encoder/Decoder before 1.15.61, N-Series N1x33A Video Encoder/Decoder before 1.15.61, N-Series N1x33 Video Encoder/Decoder before 1.15.61, N-Series N2x35 Video Encoder/Decoder before 1.15.61, N-Series N2x35A Video Encoder/Decoder before 1.15.61, N-Series N2xx2 Video Encoder/Decoder before 1.15.61, N-Series N2xx2A Video Encoder/Decoder before 1.15.61, N-Series N3000 Video Encoder/Decoder before 2.12.105, and N-Series N4321 Audio Transceiver before 1.00.06.
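A firmware inventory check against the fixed versions listed in the advisory text above, as an added example (not code from Harman or from the original page). The inventory rows are constructed, and treating each "x" in a model family name as exactly one digit is an assumption.

```python
import re

# Fixed-in versions copied from the advisory text. Assumption: each "x" in a
# model family name stands for exactly one digit.
FIXED_IN = {
    "N1115": "1.15.61", "N1x22A": "1.15.61", "N1x33A": "1.15.61",
    "N1x33": "1.15.61", "N2x35": "1.15.61", "N2x35A": "1.15.61",
    "N2xx2": "1.15.61", "N2xx2A": "1.15.61",
    "N3000": "2.12.105", "N4321": "1.00.06",
}

def family_regex(family):
    # "N2xx2A" -> ^N2\d\d2A$, so N2222A matches that family but N2222 does not.
    body = "".join(r"\d" if ch == "x" else re.escape(ch) for ch in family)
    return re.compile(f"^{body}$")

PATTERNS = [(family_regex(f), v) for f, v in FIXED_IN.items()]

def parse_version(text):
    # Compare numerically: as plain strings, "1.15.9" sorts after "1.15.61".
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)[a-z]?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part) for part in m.groups())

def classify(model, version):
    for pattern, fixed in PATTERNS:
        if pattern.match(model.strip().upper()):
            try:
                current = parse_version(version)
            except ValueError:
                return "unparseable"  # needs a manual look, not a silent pass
            return "vulnerable" if current < parse_version(fixed) else "fixed"
    return "not-listed"  # model is not named in the advisory

# Constructed inventory rows: (host, model, reported firmware version).
INVENTORY = [
    ("192.0.2.10", "N1115", "1.15.9"),
    ("192.0.2.11", "N1115", "v1.15.64"),
    ("192.0.2.12", "N2222A", "1.15.60"),
    ("192.0.2.13", "N3000", "2.12.105"),
    ("192.0.2.14", "N4321", "1.00.05"),
]

def audit(inventory):
    return [(host, model, ver, classify(model, ver)) for host, model, ver in inventory]

if __name__ == "__main__":
    for row in audit(INVENTORY):
        print(*row, sep="\t")
```
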


Product Name: N-Series N1115 Wallplate Video Encoder

FG #: FGN1115-WP-WH (NMX-ENC-N1115-WP)

Version: v1.15.64

Release Date: 03/16/2023

----------------------------------------------------------

1. Prerequisites

----------------------------------------------------------

- None

----------------------------------------------------------

2. Revision History

----------------------------------------------------------

Version 03/16/2023 (v1.5.64)

• Fixed improper SAP discovery packet showing in firmware versions 1.15.61, 1.15.62, 1.15.63

Version 02/20/2023 (v1.5.63)

• Added socket reset in the event that network communication seizes.

Version 02/14/2023 (v1.5.62)

• Updated security for webpage

Version 02/02/2023 (v1.5.61)

• Removed /tmp folder access from webpage

Version 1/17/2023 (v1.15.60)

• Added a new IR command for DirecTV IR control using NetLinx to N2030

setSettings:irHexAlt:1 - to change the default IR to control DirecTV boxes

setSettings:irHexAlt:0 - to change back to the default IR control

Version 10/27/2022 (v1.55.57)

• Corrected an issue with AES67 and clocking.

Version 10/24/2022 (v1.15.56)

• change N1115 hdmi input detection logic

• Fixed encoder randomly losing audio over time

Version 7/22/2022 (v1.15.55)

• remove VLAN options from N1115 webpage

• PoE change to Class 3

Version 6/28/2022 (v1.15.52)

• Model hostname change for LLDP report

Version 5/13/2022 (v1.15.51)

• Fixes encoder HDMI detect issues with several sources

Version 10/08/2021 (v1.15.49)

• Fix AES67 streaming to Qsys devices

Version 09/21/2021 (v1.15.48)

• Fix stream changing issue

Version 05/18/2021 (v1.15.46)

• Fix DHCP when updating latest firmware from factory firmware

Version 01/21/2021 (v1.15.45)

• Fix analog audio stops after volume commands

Version 01/08/2021 (v1.15.44)

• N1xxx updated number of slides per playlist to 8

Version 4/22/2020 (v1.15.41)

• LLDP enables class 3 power for POE switches

Version 2/7/2020 (v1.15.40)

• Add new command to create dhcp timing extended

New command "setSettings:dhcpAgain:300": 300 seconds after the unit assigns itself an auto IP, the DHCP process starts again. The user can change the 300 to the value they need.

Version 12/13/2019 (v1.15.39)

• Fix random dhcp failure after firmware update

Version 11/15/2019 (v1.15.38)

• Fix commands not working randomly after a reboot

Version 10/31/2019 (v1.15.37)

• Fix HDMI locking issue with certain laptops

Version 10/03/2019 (v1.15.34)

• Fix various issues with VLAN tagging on Decoder

Version 10/03/2019 (v1.15.31)

• Introduced VLAN tagging on Decoder

Version 07/18/2019 (v1.15.26)

• Fixed version reporting incorrect on webpage.

Version 07/10/2019 (v1.15.25)

• Remove VLAN Tagging for decoders for verification of encoders

Version 07/10/2019 (v1.15.24)

• Fixed AES67 Packet Length with VLAN Tagging on N2000A Encoders

Version 07/10/2019 (v1.15.23)

• Fixed AES67 Packet Length with VLAN Tagging on N1000A Encoders

Version 05/20/2019 (v1.15.21)

• Added vlan tagging for video/audio on decoders

Version 6/6/2018 (v1.15.18)

• Added a new optional IR method

• Add commands for relative volume controls

• Netlinx bugfix - buffer RS-232 serial responses to minimize data events

• Fix analog audio left/right bleed issue

• Improved IR output compatibility

• Disable SSL ciphers in TLS1.1 and older

• Improve detection of audio codec ESD event

• Add option ‘Resync HDMI on Live Play’ for compatibility with some displays

• Improve handling of serial data

• Correct issue with video artifacts

• Improve audio codec ESD resilience

• Updated web security to fix vulnerabilities

• Correct AES67 audio compatibility with QSC Core

• NetLinx bugfixes

• Add support for Samsung Touchpanel

• NetLinx bugfixes

• Correct playback of multichannel AES67 audio

• Corrected an issue with 1080i resolution

Version 9/8/2017 (v1.15.7):

• Corrected an issue with 1080i resolution

Version 9/8/2017 (v1.15.6):

• Fix potential issue where Hostplay can fail.

Version 8/31/2017 (v1.15.5)

• Improved camera standby support

• Improved detection of DVI vs. HDMI audio on certain sources

• AES67 defaults to port 5004 on factory restore

Version 8/29/2017 (v1.15.4)

• Added Stream Loss Action on web page and select None, HDMI Disable, or Standby mode

• Audio codec recovers from ESD faster

• AES67 limited to 239.x.x.x addresses

Version 8/2/2017 (v1.15.2)

• Netlinx 0.0.32: Defaults to RXON to automatically handle string responses

• Added additional HID touchscreens support

• Interleaved audio streams output correctly when in MPC mode

Version 7/19/2017 (v1.15.1)

• Improved handling of video sources in standby

Version 7/17/2017 (v1.15.0)

• Added ‘Display Hostplay on No Input’ feature that turns off encoder transmit when no input detected

• Added ‘Disable HDCP Advertising’ feature that no longer provides HDCP negotiation on encoder input

Version 7/13/2017 (v1.14.15)

• IR compatibility mode added for support of Foxtel devices

• Host play for Non Supported Mode no longer forces a restart every 30 seconds

• Netlinx 0.0.30: Bug fix

• Added additional touchscreen support

Known bug(s): 1080i is currently encoding incorrectly. Do not use this intermediate update on 1080i based installs.

Version 6/26/2017 (v1.14.14)

• Improved ability for audio codec to recover from ESD/shock

Version 6/14/2017 (v1.14.13)

• Microphone bias added and default bias is now OFF

Version 4/03/2017 (v1.14.11b)

• Correct time synchronization handling

Version 4/03/2017 (v1.14.11)

• Netlinx - Correct display of Svsi devices in Netlinx master webpage

• Netlinx - Correct handling of 1024 byte buffered RS-232 Rx data

• Netlinx- add VIDOUT_ON-[ON/OFF], modify VIOUT_MUTE to send/disable avmute

• Netlinx- correct truncation of getStatus API response.

• Increase KVM report size for Sharp touchpanel

----------------------------------------------------------

3. Known Issues

----------------------------------------------------------

• 7.1 audio rear and surround channels are distorted when MPC mode is disabled.
