Lucene search

Hanwha_VisionCVELIST:CVE-2023-5038

HistoryJun 25, 2024 - 2:14 a.m.

CVE-2023-5038 Unauthenticated DoS

2024-06-2502:14:06

CWE-248

CWE-703

Hanwha_Vision

www.cve.org

cve-2023-5038

security researcher

flaw

unauthenticated

dos attack

camera

crafted url

web management page

patch firmware

manufacturer's report.

8.7 High

CVSS4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/SC:N/VI:N/SI:N/VA:H/SA:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

badmonkey, a Security Researcher has found a flaw that allows for a unauthenticated DoS attack on the camera. An attacker runs a crafted URL, nobody can access the web management page of the camera. and must manually restart the device or re-power it. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer’s report for details and workarounds.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "A-Series, Q-Series, PNM-series Camera",
    "vendor": "Hanwha Vision Co., Ltd.",
    "versions": [
      {
        "status": "affected",
        "version": "Prior to version 1.41.16, Prior to version 2.22.00"
      }
    ]
  }
]

References

www.hanwhavision.com/wp-content/uploads/2024/06/Camera-Vulnerability-Report-CVE-2023-5037-5038.pdf

8.7 High

CVSS4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/SC:N/VI:N/SI:N/VA:H/SA:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2023-5038