An issue was discovered in NVR WebViewer on Hanwah Techwin SRN-472s 1.07_190502 devices, and other SRN-x devices before 2019-05-03. A system crash and reboot can be achieved by submitting a long username in excess of 117 characters. The username triggers a buffer overflow in the main process controlling operation of the DVR system, rendering services unavailable during the reboot operation. A repeated attack affects availability as long as the attacker has network access to the device.
CPE | Name | Operator | Version |
---|---|---|---|
srn-1673s_firmware | eq | < 201953 | |
srn-472s_firmware | eq | 1.7.190502 | |
srn-873s_firmware | eq | < 201953 |