CVE & CISA-KEV Catalog

CVE-2023-38523

MEDIUM
5.3
CVSS v3
NVD

Description

The web interface on multiple Samsung Harman AMX N-Series devices allows directory listing for the /tmp/ directory, without authentication, exposing sensitive information such as the command history and screenshot of the file being processed. This affects N-Series N1115 Wallplate Video Encoder before 1.15.61, N-Series N1x22A Video Encoder/Decoder before 1.15.61, N-Series N1x33A Video Encoder/Decoder before 1.15.61, N-Series N1x33 Video Encoder/Decoder before 1.15.61, N-Series N2x35 Video Encoder/Decoder before 1.15.61, N-Series N2x35A Video Encoder/Decoder before 1.15.61, N-Series N2xx2 Video Encoder/Decoder before 1.15.61, N-Series N2xx2A Video Encoder/Decoder before 1.15.61, N-Series N3000 Video Encoder/Decoder before 2.12.105, and N-Series N4321 Audio Transceiver before 1.00.06.

How to fix

Remediation Available
fgn1115-wp-wh firmwareNVD
Affected:< 1.15.61Fixed in:1.15.61CVE-2023-38523derived from NVD
fgn1122-cd firmwareNVD
Affected:< 1.15.61Fixed in:1.15.61CVE-2023-38523derived from NVD
fgn1122-sa firmwareNVD
Affected:< 1.15.61Fixed in:1.15.61CVE-2023-38523derived from NVD
fgn1133-cd firmwareNVD
Affected:< 1.15.61Fixed in:1.15.61CVE-2023-38523derived from NVD
fgn1133-sa firmwareNVD
Affected:< 1.15.61Fixed in:1.15.61CVE-2023-38523derived from NVD
fgn1133a-cd firmwareNVD
Affected:< 1.15.61Fixed in:1.15.61CVE-2023-38523derived from NVD
fgn1133a-sa firmwareNVD
Affected:< 1.15.61Fixed in:1.15.61CVE-2023-38523derived from NVD
fgn1222-cd firmwareNVD
Affected:< 1.15.61Fixed in:1.15.61CVE-2023-38523derived from NVD
fgn1222-sa firmwareNVD
Affected:< 1.15.61Fixed in:1.15.61CVE-2023-38523derived from NVD
fgn1233-cd firmwareNVD
Affected:< 1.15.61Fixed in:1.15.61CVE-2023-38523derived from NVD
fgn1233-sa firmwareNVD
Affected:< 1.15.61Fixed in:1.15.61CVE-2023-38523derived from NVD
fgn1233a-cd firmwareNVD
Affected:< 1.15.61Fixed in:1.15.61CVE-2023-38523derived from NVD
fgn1233a-sa firmwareNVD
Affected:< 1.15.61Fixed in:1.15.61CVE-2023-38523derived from NVD
fgn2122-cd firmwareNVD
Affected:< 1.15.61Fixed in:1.15.61CVE-2023-38523derived from NVD
fgn2122-sa firmwareNVD
Affected:< 1.15.61Fixed in:1.15.61CVE-2023-38523derived from NVD
fgn2122a-cd firmwareNVD
Affected:< 1.15.61Fixed in:1.15.61CVE-2023-38523derived from NVD
fgn2122a-sa firmwareNVD
Affected:< 1.15.61Fixed in:1.15.61CVE-2023-38523derived from NVD
fgn2135-cd firmwareNVD
Affected:< 1.15.61Fixed in:1.15.61CVE-2023-38523derived from NVD
fgn2135-sa firmwareNVD
Affected:< 1.15.61Fixed in:1.15.61CVE-2023-38523derived from NVD
fgn2212-cd firmwareNVD
Affected:< 1.15.61Fixed in:1.15.61CVE-2023-38523derived from NVD
fgn2212-sa firmwareNVD
Affected:< 1.15.61Fixed in:1.15.61CVE-2023-38523derived from NVD
fgn2222-cd firmwareNVD
Affected:< 1.15.61Fixed in:1.15.61CVE-2023-38523derived from NVD
fgn2222-sa firmwareNVD
Affected:< 1.15.61Fixed in:1.15.61CVE-2023-38523derived from NVD
fgn2222a-cd firmwareNVD
Affected:< 1.15.61Fixed in:1.15.61CVE-2023-38523derived from NVD
fgn2222a-sa firmwareNVD
Affected:< 1.15.61Fixed in:1.15.61CVE-2023-38523derived from NVD
fgn2235-cd firmwareNVD
Affected:< 1.15.61Fixed in:1.15.61CVE-2023-38523derived from NVD
fgn2235-sa firmwareNVD
Affected:< 1.15.61Fixed in:1.15.61CVE-2023-38523derived from NVD
fgn3132a-c firmwareNVD
Affected:< 2.12.105Fixed in:2.12.105CVE-2023-38523derived from NVD
fgn3132a-sa firmwareNVD
Affected:< 2.12.105Fixed in:2.12.105CVE-2023-38523derived from NVD
fgn3232a-c firmwareNVD
Affected:< 2.12.105Fixed in:2.12.105CVE-2023-38523derived from NVD
fgn3232a-sa firmwareNVD
Affected:< 2.12.105Fixed in:2.12.105CVE-2023-38523derived from NVD
fgn4321-cd firmwareNVD
Affected:< 1.00.06Fixed in:1.00.06CVE-2023-38523derived from NVD
fgn4321-sa firmwareNVD
Affected:< 1.00.06Fixed in:1.00.06CVE-2023-38523derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityLow
IntegrityNone
AvailabilityNone

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploit Intelligence

0.84%probability of exploitation in 30 days
53rdpercentile

Moderate risk: more likely to be exploited than 53% of all known CVEs.

References

Related Vulnerabilities

Other CWE-306 (Missing Authentication for Critical Function) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2017-10271High7.5100%KEV + Ransom-
CVE-2023-42793Critical9.8100%KEV + RansomFix
CVE-2025-3248Critical9.8100%KEVFix
CVE-2022-1388Critical9.8100%KEV + RansomFix
CVE-2021-37415Critical9.8100%KEV-
CVE-2023-21839High7.5100%KEV-
Embed a live status badge for CVE-2023-38523
CVE-2023-38523 severity badge

Markdown

[![CVE-2023-38523](https://tridentstack.com/cve/badge/CVE-2023-38523.svg)](https://tridentstack.com/cve/CVE-2023-38523)

HTML

<a href="https://tridentstack.com/cve/CVE-2023-38523"><img src="https://tridentstack.com/cve/badge/CVE-2023-38523.svg" alt="CVE-2023-38523"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.