CVE-2023-38523

Name: CVE-2023-38523
Creator: NVD / NIST
Published: 2023-07-20T19:15:10.793+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 5.3/10EPSS 0.84%

Last modified Jun 17, 2026

CVE-2023-38523 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. The web interface on multiple Samsung Harman AMX N-Series devices allows directory listing for the /tmp/ directory, without authentication, exposing sensitive information such as the command history and screenshot of the file being processed. This affects N-Series N1115 Wallplate Video Encoder before 1.15.61, N-Series N1x22A Video Encoder/Decoder before 1.15.61, N-Series N1x33A Video Encoder/Decoder before 1.15.61, N-Series N1x33 Video Encoder/Decoder before 1.15.61, N-Series N2x35 Video Encoder/Decoder before 1.15.61, N-Series N2x35A Video Encoder/Decoder before 1.15.61, N-Series N2xx2 Video Encoder/Decoder before 1.15.61, N-Series N2xx2A Video Encoder/Decoder before 1.15.61, N-Series N3000 Video Encoder/Decoder before 2.12.105, and N-Series N4321 Audio Transceiver before 1.00.06.. EPSS estimates a 0.84% chance of exploitation in the next 30 days.

Description

The web interface on multiple Samsung Harman AMX N-Series devices allows directory listing for the /tmp/ directory, without authentication, exposing sensitive information such as the command history and screenshot of the file being processed. This affects N-Series N1115 Wallplate Video Encoder before 1.15.61, N-Series N1x22A Video Encoder/Decoder before 1.15.61, N-Series N1x33A Video Encoder/Decoder before 1.15.61, N-Series N1x33 Video Encoder/Decoder before 1.15.61, N-Series N2x35 Video Encoder/Decoder before 1.15.61, N-Series N2x35A Video Encoder/Decoder before 1.15.61, N-Series N2xx2 Video Encoder/Decoder before 1.15.61, N-Series N2xx2A Video Encoder/Decoder before 1.15.61, N-Series N3000 Video Encoder/Decoder before 2.12.105, and N-Series N4321 Audio Transceiver before 1.00.06.

Metrics

CVSS 3.1

5.3/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS Probability

0.84%

53.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-306

Affected Software

Vendor	Product	Versions
Samsung	Fgn1115-Wp-Wh Firmware	< 1.15.61
Samsung	Fgn1122-Sa Firmware	< 1.15.61
Samsung	Fgn1122-Cd Firmware	< 1.15.61
Samsung	Fgn1222-Sa Firmware	< 1.15.61
Samsung	Fgn1222-Cd Firmware	< 1.15.61
Samsung	Fgn1233-Sa Firmware	< 1.15.61
Samsung	Fgn1133-Sa Firmware	< 1.15.61
Samsung	Fgn1133-Cd Firmware	< 1.15.61
Samsung	Fgn1233-Cd Firmware	< 1.15.61
Samsung	Fgn1133a-Sa Firmware	< 1.15.61
Samsung	Fgn1233a-Sa Firmware	< 1.15.61
Samsung	Fgn1133a-Cd Firmware	< 1.15.61
Samsung	Fgn1233a-Cd Firmware	< 1.15.61
Samsung	Fgn2135-Sa Firmware	< 1.15.61
Samsung	Fgn2235-Cd Firmware	< 1.15.61
Samsung	Fgn2235-Sa Firmware	< 1.15.61
Samsung	Fgn2135-Cd Firmware	< 1.15.61
Samsung	Fgn2122-Sa Firmware	< 1.15.61
Samsung	Fgn2222-Sa Firmware	< 1.15.61
Samsung	Fgn2212-Sa Firmware	< 1.15.61
Samsung	Fgn2122-Cd Firmware	< 1.15.61
Samsung	Fgn2222-Cd Firmware	< 1.15.61
Samsung	Fgn2212-Cd Firmware	< 1.15.61
Samsung	Fgn2222a-Sa Firmware	< 1.15.61
Samsung	Fgn2122a-Sa Firmware	< 1.15.61
Samsung	Fgn2122a-Cd Firmware	< 1.15.61
Samsung	Fgn2222a-Cd Firmware	< 1.15.61
Samsung	Fgn3132a-Sa Firmware	< 2.12.105
Samsung	Fgn3132a-C Firmware	< 2.12.105
Samsung	Fgn3232a-Sa Firmware	< 2.12.105
Samsung	Fgn3232a-C Firmware	< 2.12.105
Samsung	Fgn4321-Sa Firmware	< 1.00.06
Samsung	Fgn4321-Cd Firmware	< 1.00.06

References

https://help.harmanpro.com/n1115-svsi-firmwareRelease Notes
https://help.harmanpro.com/n1x22a-updaterRelease Notes
https://help.harmanpro.com/n1x33-updaterRelease Notes
https://help.harmanpro.com/n1x33a-updaterRelease Notes
https://help.harmanpro.com/n2x35-updater-hotfixRelease Notes
https://help.harmanpro.com/n2x35a-updater-hotfixRelease Notes
https://help.harmanpro.com/n2xx2-updater-hotfixRelease Notes
https://help.harmanpro.com/n2xx2a-updaterRelease Notes
https://help.harmanpro.com/n3k-updater-hotfixRelease Notes
https://help.harmanpro.com/svsi-n4321-firmwareRelease Notes
https://wiki.notveg.ninja/blog/CVE-2023-38523/Exploit, Third Party Advisory
https://help.harmanpro.com/n1115-svsi-firmwareRelease Notes
https://help.harmanpro.com/n1x22a-updaterRelease Notes
https://help.harmanpro.com/n1x33-updaterRelease Notes
https://help.harmanpro.com/n1x33a-updaterRelease Notes
https://help.harmanpro.com/n2x35-updater-hotfixRelease Notes
https://help.harmanpro.com/n2x35a-updater-hotfixRelease Notes
https://help.harmanpro.com/n2xx2-updater-hotfixRelease Notes
https://help.harmanpro.com/n2xx2a-updaterRelease Notes
https://help.harmanpro.com/n3k-updater-hotfixRelease Notes
https://help.harmanpro.com/svsi-n4321-firmwareRelease Notes
https://wiki.notveg.ninja/blog/CVE-2023-38523/Exploit, Third Party Advisory

Timeline

Published: Jul 20, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2023-38523?

How severe is CVE-2023-38523?

CVE-2023-38523 has a CVSS score of 5.3/10 (MEDIUM severity). The EPSS model estimates a 0.84% probability of exploitation in the next 30 days.

How do I fix CVE-2023-38523?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-38523?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST