Lucene search

Hanwha_VisionCVELIST:CVE-2023-6096

HistoryApr 26, 2024 - 7:16 a.m.

CVE-2023-6096 using a inappropriate encryption logic

2024-04-2607:16:12

CWE-668

Hanwha_Vision

www.cve.org

cve-2023-6096

encryption logic

security flaw

patch firmware

7.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

9.1%

JSON

Vladimir Kononovich, a Security Researcher has found a flaw that using a inappropriate encryption logic on the DVR. firmware encryption is broken and allows to decrypt. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer’s report for details and workarounds.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HRX-1620",
    "vendor": "Hanwha Vision Co., Ltd.",
    "versions": [
      {
        "status": "affected",
        "version": "3.05.62 and prior versions"
      }
    ]
  }
]

References

www.hanwhavision.com/wp-content/uploads/2024/04/NVR-DVR-Vulnerability-Report-CVE-2023-6095-6096.pdf

7.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2023-6096