Search criteria
12 vulnerabilities
CVE-2024-41882 (GCVE-0-2024-41882)
Vulnerability from cvelistv5 – Published: 2024-12-24 05:35 – Updated: 2025-10-01 01:55
VLAI?
Summary
Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. An attacker can cause a stack overflow by entering large data into URL parameters, which will result in a system reboot. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
Severity ?
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hanwha Vision Co., Ltd. | XRN-420S |
Affected:
5.01.62 and prior versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41882",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-24T15:23:10.542245Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-24T15:23:22.072Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "XRN-420S",
"vendor": "Hanwha Vision Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "5.01.62 and prior versions"
}
]
}
],
"datePublic": "2024-12-24T05:31:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003eTeam ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR.\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;An attacker can cause a stack overflow by entering large data into URL parameters, which will result in a system reboot.\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds.\u003c/span\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR.\u00a0An attacker can cause a stack overflow by entering large data into URL parameters, which will result in a system reboot.\u00a0The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T01:55:06.444Z",
"orgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"shortName": "Hanwha_Vision"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Stack based buffer overflow",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"assignerShortName": "Hanwha_Vision",
"cveId": "CVE-2024-41882",
"datePublished": "2024-12-24T05:35:11.310Z",
"dateReserved": "2024-07-23T00:24:03.860Z",
"dateUpdated": "2025-10-01T01:55:06.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41883 (GCVE-0-2024-41883)
Vulnerability from cvelistv5 – Published: 2024-12-24 05:32 – Updated: 2024-12-24 15:23
VLAI?
Summary
Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the
NVR
. An attacker enters a special value for a specific URL parameter, resulting in a NULL pointer reference and a reboot of the NVR. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
Severity ?
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hanwha Vision Co., Ltd. | XRN-420S |
Affected:
5.01.62 and prior versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41883",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-24T15:23:44.295358Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-24T15:23:56.758Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "XRN-420S",
"vendor": "Hanwha Vision Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "5.01.62 and prior versions"
}
]
}
],
"datePublic": "2024-12-24T05:29:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003eTeam ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the \n\nNVR\n\n.\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;An attacker enters a special value for a specific URL parameter, resulting in a NULL pointer reference and a reboot of the NVR.\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eThe manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds.\u003c/span\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the \n\nNVR\n\n.\u00a0An attacker enters a special value for a specific URL parameter, resulting in a NULL pointer reference and a reboot of the NVR.\u00a0The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-24T05:32:41.711Z",
"orgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"shortName": "Hanwha_Vision"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Null Pointer Dereference",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"assignerShortName": "Hanwha_Vision",
"cveId": "CVE-2024-41883",
"datePublished": "2024-12-24T05:32:41.711Z",
"dateReserved": "2024-07-23T00:24:03.861Z",
"dateUpdated": "2024-12-24T15:23:56.758Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41884 (GCVE-0-2024-41884)
Vulnerability from cvelistv5 – Published: 2024-12-24 05:30 – Updated: 2024-12-24 15:24
VLAI?
Summary
Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. If an attacker does not enter any value for a specific URL parameter, NULL pointer references will occur and the NVR will reboot. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
Severity ?
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hanwha Vision Co., Ltd. | XRN-420S |
Affected:
5.01.62 and prior versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41884",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-24T15:24:16.914803Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-24T15:24:24.167Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "XRN-420S",
"vendor": "Hanwha Vision Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "5.01.62 and prior versions"
}
]
}
],
"datePublic": "2024-12-24T05:26:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003eTeam ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR.\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;If an attacker does not enter any value for a specific URL parameter, NULL pointer references will occur and the NVR will reboot.\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds.\u003c/span\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR.\u00a0If an attacker does not enter any value for a specific URL parameter, NULL pointer references will occur and the NVR will reboot.\u00a0The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-24T05:30:41.603Z",
"orgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"shortName": "Hanwha_Vision"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Null Pointer Dereference",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"assignerShortName": "Hanwha_Vision",
"cveId": "CVE-2024-41884",
"datePublished": "2024-12-24T05:30:41.603Z",
"dateReserved": "2024-07-23T00:24:03.861Z",
"dateUpdated": "2024-12-24T15:24:24.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41885 (GCVE-0-2024-41885)
Vulnerability from cvelistv5 – Published: 2024-12-24 05:27 – Updated: 2025-10-01 01:56
VLAI?
Summary
Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. The seed string for the encrypt key was hardcoding. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
Severity ?
CWE
- CWE-547 - Use of Hard-coded, Security-relevant Constants
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hanwha Vision Co., Ltd. | XRN-420S |
Affected:
5.01.62 and prior versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41885",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-24T15:24:43.632686Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-24T15:24:55.297Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "XRN-420S",
"vendor": "Hanwha Vision Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "5.01.62 and prior versions"
}
]
}
],
"datePublic": "2024-12-24T05:24:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003eTeam ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR.\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;The seed string for the encrypt key was hardcoding.\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds.\u003c/span\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR.\u00a0The seed string for the encrypt key was hardcoding.\u00a0The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-547",
"description": "CWE-547 Use of Hard-coded, Security-relevant Constants",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T01:56:42.604Z",
"orgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"shortName": "Hanwha_Vision"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Hardcoding sensitive information",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"assignerShortName": "Hanwha_Vision",
"cveId": "CVE-2024-41885",
"datePublished": "2024-12-24T05:27:39.718Z",
"dateReserved": "2024-07-23T00:24:03.861Z",
"dateUpdated": "2025-10-01T01:56:42.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41886 (GCVE-0-2024-41886)
Vulnerability from cvelistv5 – Published: 2024-12-24 05:23 – Updated: 2025-10-01 01:48
VLAI?
Summary
Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. An attacker could inject malformed data into url input parameters to reboot the NVR. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
Severity ?
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hanwha Vision Co., Ltd. | XRN-420S |
Affected:
5.01.62 and prior versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41886",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-24T15:25:20.422985Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-24T15:25:27.997Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "XRN-420S",
"vendor": "Hanwha Vision Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "5.01.62 and prior versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003eTeam ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eAn attacker could inject malformed data into url input parameters to reboot the NVR.\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds.\u003c/span\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR.\u00a0An attacker could inject malformed data into url input parameters to reboot the NVR.\u00a0The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T01:48:38.916Z",
"orgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"shortName": "Hanwha_Vision"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Input Validation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"assignerShortName": "Hanwha_Vision",
"cveId": "CVE-2024-41886",
"datePublished": "2024-12-24T05:23:52.078Z",
"dateReserved": "2024-07-23T00:24:03.861Z",
"dateUpdated": "2025-10-01T01:48:38.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41887 (GCVE-0-2024-41887)
Vulnerability from cvelistv5 – Published: 2024-12-24 05:20 – Updated: 2025-10-01 01:52
VLAI?
Summary
Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. An attacker can create an NVR log file in a directory one level higher on the system, which can be used to corrupt files in the directory. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
Severity ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hanwha Vision Co., Ltd. | XRN-420S |
Affected:
5.01.62 and prior versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41887",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-24T16:48:44.188757Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-24T16:54:31.051Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "XRN-420S",
"vendor": "Hanwha Vision Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "5.01.62 and prior versions"
}
]
}
],
"datePublic": "2024-12-24T05:05:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003eTeam ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR.\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;An attacker can create an NVR log file in a directory one level higher on the system, which can be used to corrupt files in the directory.\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds.\u003c/span\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR.\u00a0An attacker can create an NVR log file in a directory one level higher on the system, which can be used to corrupt files in the directory.\u00a0The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds."
}
],
"impacts": [
{
"capecId": "CAPEC-139",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-139 Relative Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T01:52:22.963Z",
"orgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"shortName": "Hanwha_Vision"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Arbitrary File Overwrite",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"assignerShortName": "Hanwha_Vision",
"cveId": "CVE-2024-41887",
"datePublished": "2024-12-24T05:20:40.653Z",
"dateReserved": "2024-07-23T00:24:03.861Z",
"dateUpdated": "2025-10-01T01:52:22.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5038 (GCVE-0-2023-5038)
Vulnerability from cvelistv5 – Published: 2024-06-25 02:14 – Updated: 2024-08-02 07:44
VLAI?
Summary
badmonkey, a Security Researcher has found a flaw that allows for a unauthenticated DoS attack on the camera. An attacker runs a crafted URL, nobody can access the web management page of the camera. and must manually restart the device or re-power it. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
Severity ?
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hanwha Vision Co., Ltd. | A-Series, Q-Series, PNM-series Camera |
Affected:
Prior to version 1.41.16, Prior to version 2.22.00
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:hanwhavision:ano-l6012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ano-l6012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:ano-l6022r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ano-l6022r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:anv-l6012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "anv-l6012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:ano-l6082r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ano-l6082r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:ane-l6012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ane-l6012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:anv-l6082r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "anv-l6082r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:ano-l7082r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ano-l7082r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:ane-l7012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ane-l7012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:anv-l7082r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "anv-l7082r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:ano-l7012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ano-l7012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:ano-l7022r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ano-l7022r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:anv-l7012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "anv-l7012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-c9022rv:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-c9022rv",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9000qb:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9000qb",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-7002vd:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-7002vd",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-8082vt:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-8082vt",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9002vq:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9002vq",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9022v:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9022v",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9031rv:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9031rv",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9084qz:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9084qz",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9084rqz:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9084rqz",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9085rqz:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9085rqz",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9084qz1:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9084qz1",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9084rqz1:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9084rqz1",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9085rqz1:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9085rqz1",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9322vqp:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9322vqp",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-7082rvd:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-7082rvd",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-12082rvd:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-12082rvd",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lno-6072r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lno-6072r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lnd-6012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lnd-6012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lno-6032r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lno-6032r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lnv-6032r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lnv-6032r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lnd-6022r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lnd-6022r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lnd-6072r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lnd-6072r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lno-6022r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lno-6022r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lnv-6012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lnv-6012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lnv-6072r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lnv-6072r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lnd-6032r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lnd-6032r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lnv-6022r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lnv-6022r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lno-6012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lno-6012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:qnd-6011:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qnd-6011",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:qnd-6012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qnd-6012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:qnd-6021:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qnd-6021",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:qnd-6022r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qnd-6022r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:qnd-6032r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qnd-6032r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:ano-l6012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ano-l6012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:ano-l6022r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ano-l6022r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:anv-l6012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "anv-l6012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:ano-l6082r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ano-l6082r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:ane-l6012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ane-l6012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:anv-l6082r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "anv-l6082r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:ano-l7082r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ano-l7082r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:ane-l7012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ane-l7012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:anv-l7082r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "anv-l7082r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:ano-l7012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ano-l7012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:ano-l7022r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ano-l7022r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:anv-l7012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "anv-l7012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-c9022rv:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-c9022rv",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9000qb:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9000qb",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-7002vd:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-7002vd",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-8082vt:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-8082vt",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9002vq:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9002vq",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9022v:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9022v",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9031rv:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9031rv",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9084qz:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9084qz",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9084rqz:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9084rqz",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9085rqz:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9085rqz",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9084qz1:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9084qz1",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9084rqz1:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9084rqz1",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9085rqz1:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9085rqz1",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9322vqp:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9322vqp",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-7082rvd:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-7082rvd",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-12082rvd:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-12082rvd",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lno-6072r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lno-6072r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lnd-6012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lnd-6012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lno-6032r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lno-6032r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lnv-6032r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lnv-6032r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lnd-6022r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lnd-6022r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lnd-6072r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lnd-6072r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lno-6022r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lno-6022r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lnv-6012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lnv-6012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lnv-6072r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lnv-6072r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lnd-6032r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lnd-6032r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lnv-6022r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lnv-6022r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lno-6012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lno-6012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:qnd-6011:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qnd-6011",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:qnd-6012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qnd-6012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:qnd-6021:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qnd-6021",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:qnd-6022r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qnd-6022r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:qnd-6032r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qnd-6032r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5038",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T16:44:21.978973Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T23:04:59.868Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.791Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.hanwhavision.com/wp-content/uploads/2024/06/Camera-Vulnerability-Report-CVE-2023-5037-5038.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "A-Series, Q-Series, PNM-series Camera",
"vendor": "Hanwha Vision Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Prior to version 1.41.16, Prior to version 2.22.00"
}
]
}
],
"datePublic": "2024-06-25T02:05:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003ebadmonkey, a Security Researcher has found a flaw that allows for a unauthenticated DoS attack on the camera. An attacker runs a crafted URL, nobody can access the web management page of the camera. and must manually restart the device or re-power it. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds.\u003c/div\u003e\u003c/div\u003e\n\n"
}
],
"value": "badmonkey, a Security Researcher has found a flaw that allows for a unauthenticated DoS attack on the camera. An attacker runs a crafted URL, nobody can access the web management page of the camera. and must manually restart the device or re-power it. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T02:14:06.610Z",
"orgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"shortName": "Hanwha_Vision"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hanwhavision.com/wp-content/uploads/2024/06/Camera-Vulnerability-Report-CVE-2023-5037-5038.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated DoS",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"assignerShortName": "Hanwha_Vision",
"cveId": "CVE-2023-5038",
"datePublished": "2024-06-25T02:14:06.610Z",
"dateReserved": "2023-09-18T06:00:29.464Z",
"dateUpdated": "2024-08-02T07:44:53.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6116 (GCVE-0-2023-6116)
Vulnerability from cvelistv5 – Published: 2024-04-26 07:23 – Updated: 2024-08-02 08:21
VLAI?
Summary
Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the camera. An attacker could inject malicious into http request packets to execute arbitrary code. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
Severity ?
8.9 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hanwha Vision Co., Ltd. | XRN-420S |
Affected:
5.01.52 and prior versions
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hanwhavision:xrn-420s:5.01.52:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "xrn-420s",
"vendor": "hanwhavision",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6116",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-26T13:16:56.098871Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:17:01.796Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:21:17.445Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.hanwhavision.com/wp-content/uploads/2024/04/NVR-DVR-Vulnerability-Report-CVE-2023-6116.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "XRN-420S",
"vendor": "Hanwha Vision Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "5.01.52 and prior versions"
}
]
}
],
"datePublic": "2024-04-26T07:20:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eTeam ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the camera. An attacker could inject malicious into http request packets to execute arbitrary code. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds.\u003c/div\u003e\u003c/div\u003e\n\n"
}
],
"value": "\nTeam ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the camera. An attacker could inject malicious into http request packets to execute arbitrary code. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-26T07:23:18.351Z",
"orgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"shortName": "Hanwha_Vision"
},
"references": [
{
"url": "https://www.hanwhavision.com/wp-content/uploads/2024/04/NVR-DVR-Vulnerability-Report-CVE-2023-6116.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Remote Code Execution without authentication using stack overflow",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"assignerShortName": "Hanwha_Vision",
"cveId": "CVE-2023-6116",
"datePublished": "2024-04-26T07:23:18.351Z",
"dateReserved": "2023-11-14T01:15:13.965Z",
"dateUpdated": "2024-08-02T08:21:17.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6096 (GCVE-0-2023-6096)
Vulnerability from cvelistv5 – Published: 2024-04-26 07:16 – Updated: 2024-08-02 08:21
VLAI?
Summary
Vladimir Kononovich, a Security Researcher has found a flaw that using a inappropriate encryption logic on the DVR. firmware encryption is broken and allows to decrypt. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
Severity ?
7.4 (High)
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hanwha Vision Co., Ltd. | HRX-1620 |
Affected:
3.05.62 and prior versions
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hanwhavision:xrn-2010:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "xrn-2010",
"vendor": "hanwhavision",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:a:hanwhavision:xrn-2010a:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "xrn-2010a",
"vendor": "hanwhavision",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:a:hanwhavision:xrn-2011:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "xrn-2011",
"vendor": "hanwhavision",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:a:hanwhavision:xrn-2010:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "xrn-2010",
"vendor": "hanwhavision",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:a:hanwhavision:xrn-2010a:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "xrn-2010a",
"vendor": "hanwhavision",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:a:hanwhavision:xrn-2011:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "xrn-2011",
"vendor": "hanwhavision",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:a:hanwhavision:xrn-2011a:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "xrn-2011a",
"vendor": "hanwhavision",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:xrn-3010a:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "xrn-3010a",
"vendor": "hanwhavision",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:arn-3250:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arn-3250",
"vendor": "hanwhavision",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:xrn-810s:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "xrn-810s",
"vendor": "hanwhavision",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:xrn-410s:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "xrn-410s",
"vendor": "hanwhavision",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:qrn-810:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qrn-810",
"vendor": "hanwhavision",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:qrn-410:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qrn-410",
"vendor": "hanwhavision",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:hrx-1621:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "hrx-1621",
"vendor": "hanwhavision",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:hrx-1620:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "hrx-1620",
"vendor": "hanwhavision",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:hrx-821:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "hrx-821",
"vendor": "hanwhavision",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:hrx-820:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "hrx-820",
"vendor": "hanwhavision",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:hrx-421:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "hrx-421",
"vendor": "hanwhavision",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:hrx-420:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "hrx-420",
"vendor": "hanwhavision",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:xrn-420s:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "xrn-420s",
"vendor": "hanwhavision",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:qrn-430s:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qrn-430s",
"vendor": "hanwhavision",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:qrn-430s:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qrn-430s",
"vendor": "hanwhavision",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6096",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-26T16:12:56.278086Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:16:54.886Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:21:17.318Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.hanwhavision.com/wp-content/uploads/2024/04/NVR-DVR-Vulnerability-Report-CVE-2023-6095-6096.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HRX-1620",
"vendor": "Hanwha Vision Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "3.05.62 and prior versions"
}
]
}
],
"datePublic": "2024-04-26T07:08:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eVladimir Kononovich, a Security Researcher has found a flaw that using a inappropriate encryption logic on the DVR. firmware encryption is broken and allows to decrypt. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds.\u003c/div\u003e\u003cbr\u003e\u003c/div\u003e\n\n"
}
],
"value": "\nVladimir Kononovich, a Security Researcher has found a flaw that using a inappropriate encryption logic on the DVR. firmware encryption is broken and allows to decrypt. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668 Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-26T07:16:12.080Z",
"orgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"shortName": "Hanwha_Vision"
},
"references": [
{
"url": "https://www.hanwhavision.com/wp-content/uploads/2024/04/NVR-DVR-Vulnerability-Report-CVE-2023-6095-6096.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "using a inappropriate encryption logic",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"assignerShortName": "Hanwha_Vision",
"cveId": "CVE-2023-6096",
"datePublished": "2024-04-26T07:16:12.080Z",
"dateReserved": "2023-11-13T09:07:04.294Z",
"dateUpdated": "2024-08-02T08:21:17.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6095 (GCVE-0-2023-6095)
Vulnerability from cvelistv5 – Published: 2024-04-26 07:09 – Updated: 2024-08-02 08:21
VLAI?
Summary
Vladimir Kononovich, a Security Researcher has found a flaw that allows for a remote code execution on the DVR. An attacker could inject malicious HTTP headers into request packets to execute arbitrary code. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
Severity ?
8.9 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hanwha Vision Co., Ltd. | HRX-1620 |
Affected:
3.05.62 and prior versions
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:hanwhavision:ane-l6012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ane-l6012r",
"vendor": "hanwhavision",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6095",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-30T15:33:48.703590Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:17:21.962Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:21:17.058Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.hanwhavision.com/wp-content/uploads/2024/04/NVR-DVR-Vulnerability-Report-CVE-2023-6095-6096.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HRX-1620",
"vendor": "Hanwha Vision Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "3.05.62 and prior versions"
}
]
}
],
"datePublic": "2024-04-26T06:59:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eVladimir Kononovich, a Security Researcher has found a flaw that allows for a remote code execution on the DVR. An attacker could inject malicious HTTP headers into request packets to execute arbitrary code. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds.\u003c/div\u003e\u003c/div\u003e\n\n"
}
],
"value": "\nVladimir Kononovich, a Security Researcher has found a flaw that allows for a remote code execution on the DVR. An attacker could inject malicious HTTP headers into request packets to execute arbitrary code. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-26T07:09:38.940Z",
"orgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"shortName": "Hanwha_Vision"
},
"references": [
{
"url": "https://www.hanwhavision.com/wp-content/uploads/2024/04/NVR-DVR-Vulnerability-Report-CVE-2023-6095-6096.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Remote Code Execution without authentication using memory overflow",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"assignerShortName": "Hanwha_Vision",
"cveId": "CVE-2023-6095",
"datePublished": "2024-04-26T07:09:38.940Z",
"dateReserved": "2023-11-13T09:04:20.301Z",
"dateUpdated": "2024-08-02T08:21:17.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5747 (GCVE-0-2023-5747)
Vulnerability from cvelistv5 – Published: 2023-11-13 07:48 – Updated: 2024-08-02 08:07
VLAI?
Summary
Bashis, a Security Researcher at IPVM has found a flaw that allows for a remote code execution during the installation of Wave on the camera device. The Wave server application in camera device was vulnerable to command injection allowing an attacker to run arbitrary code. HanwhaVision has released patched firmware for the highlighted flaw. Please refer to the hanwhavision security report for more information and solution."
Severity ?
7.2 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hanwha Vision Co., Ltd. | PNV-A6081R |
Affected:
2.21.02
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.hanwhavision.com/wp-content/uploads/2023/11/Camera-Vulnerability-Report-CVE-2023-5747_20231113.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PNV-A6081R",
"vendor": "Hanwha Vision Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "2.21.02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Bashis, a Security Researcher at IPVM has found a flaw that allows for a remote code execution during the installation of Wave on the camera device. The Wave server application in camera device was vulnerable to command injection allowing an attacker to run arbitrary code. HanwhaVision has released patched firmware for the highlighted flaw. Please refer to the hanwhavision security report for more information and solution.\""
}
],
"value": "Bashis, a Security Researcher at IPVM has found a flaw that allows for a remote code execution during the installation of Wave on the camera device. The Wave server application in camera device was vulnerable to command injection allowing an attacker to run arbitrary code. HanwhaVision has released patched firmware for the highlighted flaw. Please refer to the hanwhavision security report for more information and solution.\""
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345 Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T01:14:38.418Z",
"orgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"shortName": "Hanwha_Vision"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hanwhavision.com/wp-content/uploads/2023/11/Camera-Vulnerability-Report-CVE-2023-5747_20231113.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command injection via wave install file",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"assignerShortName": "Hanwha_Vision",
"cveId": "CVE-2023-5747",
"datePublished": "2023-11-13T07:48:16.959Z",
"dateReserved": "2023-10-24T04:51:26.683Z",
"dateUpdated": "2024-08-02T08:07:32.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5037 (GCVE-0-2023-5037)
Vulnerability from cvelistv5 – Published: 2023-11-13 07:42 – Updated: 2024-08-02 07:44
VLAI?
Summary
badmonkey, a Security Researcher has found a flaw that allows for a authenticated command injection on the camera. An attacker could inject malicious into request packets to execute command. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hanwha Vision Co., Ltd. | A-Series, Q-Series, PNM-series Camera |
Affected:
Prior to version 1.41.16;Prior to version 2.22.00;
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:hanwhavision:ano-l6012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ano-l6012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:ano-l6022r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ano-l6022r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:anv-l6012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "anv-l6012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:ano-l6082r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ano-l6082r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:ane-l6012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ane-l6012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:anv-l6082r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "anv-l6082r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:ano-l7082r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ano-l7082r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:ane-l7012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ane-l7012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:anv-l7082r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "anv-l7082r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:ano-l7012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ano-l7012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:ano-l7022r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ano-l7022r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:anv-l7012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "anv-l7012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-c9022rv:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-c9022rv",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9000qb:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9000qb",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-7002vd:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-7002vd",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-8082vt:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-8082vt",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9002vq:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9002vq",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9022v:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9022v",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9031rv:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9031rv",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9084qz:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9084qz",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9084rqz:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9084rqz",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9085rqz:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9085rqz",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9084qz1:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9084qz1",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9084rqz1:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9084rqz1",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9085rqz1:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9085rqz1",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9322vqp:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9322vqp",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-7082rvd:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-7082rvd",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-12082rvd:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-12082rvd",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lno-6072r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lno-6072r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lnd-6012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lnd-6012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lno-6032r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lno-6032r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lnv-6032r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lnv-6032r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lnd-6022r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lnd-6022r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lnd-6072r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lnd-6072r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lno-6022r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lno-6022r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lnv-6012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lnv-6012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lnv-6072r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lnv-6072r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lnd-6032r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lnd-6032r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lnv-6022r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lnv-6022r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lno-6012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lno-6012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:qnd-6011:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qnd-6011",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:qnd-6012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qnd-6012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:qnd-6021:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qnd-6021",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:qnd-6022r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qnd-6022r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:qnd-6032r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qnd-6032r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5037",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T23:04:45.931319Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T23:04:52.824Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.hanwhavision.com/wp-content/uploads/2024/06/Camera-Vulnerability-Report-CVE-2023-5037-5038.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "A-Series, Q-Series, PNM-series Camera",
"vendor": "Hanwha Vision Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Prior to version 1.41.16;Prior to version 2.22.00;"
}
]
}
],
"datePublic": "2024-06-25T02:03:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003ebadmonkey, a Security Researcher has found a flaw that allows for a authenticated command injection on the camera. An attacker could inject malicious into request packets to execute command. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds.\u003c/div\u003e\u003c/div\u003e\n\n"
}
],
"value": "badmonkey, a Security Researcher has found a flaw that allows for a authenticated command injection on the camera. An attacker could inject malicious into request packets to execute command. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T02:04:22.363Z",
"orgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"shortName": "Hanwha_Vision"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hanwhavision.com/wp-content/uploads/2024/06/Camera-Vulnerability-Report-CVE-2023-5037-5038.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Command Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"assignerShortName": "Hanwha_Vision",
"cveId": "CVE-2023-5037",
"datePublished": "2023-11-13T07:42:00.337Z",
"dateReserved": "2023-09-18T05:54:35.205Z",
"dateUpdated": "2024-08-02T07:44:53.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}