High severity8.1NVD Advisory· Published Sep 11, 2017· Updated May 13, 2026

CVE-2017-14262

Description

On Samsung NVR devices, remote attackers can read the MD5 password hash of the 'admin' account via certain szUserName JSON data to cgi-bin/main-cgi, and login to the device with that hash in the szUserPasswd parameter.

Affected products

Samsung/Srn 1000 Firmware
cpe:2.3:o:samsung:srn_1000_firmware:-:*:*:*:*:*:*:*
Samsung/Srn 1670d Firmware
cpe:2.3:o:samsung:srn_1670d_firmware:-:*:*:*:*:*:*:*
Samsung/Srn 470d Firmware
cpe:2.3:o:samsung:srn_470d_firmware:-:*:*:*:*:*:*:*
Samsung/Srn 472s Firmware
cpe:2.3:o:samsung:srn_472s_firmware:-:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

News mentions

No linked articles in our index yet.

cvss	0.526
epss	0.017
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000