CWE-313: Cleartext Storage in a File or on Disk - CVE-2013-3585
Web Viewer for Samsung DVR stores user credentials in plaintext, allowing an attacker to parse saved credentials on the user setup webpage.
A remote unauthenticated attacker may be able to retrieve the device's administrator password, allowing them to directly access the device's configuration web page or system password configuration files.
Apply an Update
Restrict access to the Samsung Web Viewer for Samsung DVR interface
Thanks to Andrey Bezborodov for reporting this vulnerability.
This document was written by Adam Rauf.