Hanwha-Security: Security Vulnerabilities
An issue was discovered in NVR WebViewer on Hanwah Techwin SRN-472s 1.07_190502 devices, and other SRN-x devices before 2019-05-03. A system crash and reboot can be achieved by submitting a long username in excess of 117 characters. The username triggers a buffer overflow in the main process controlling operation of the DVR system, rendering services unavailable during the reboot operation. A repeated attack affects availability as long as the attacker has network access to the device.
CVSS Score
7.5
EPSS Score
0.005
Published
2019-09-05
Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewer_login_page data3 parameter. (The same Web Viewer codebase was transitioned from Samsung to Hanwha.)
CVSS Score
6.1
EPSS Score
0.017
Published
2018-06-14
Unsecured way of firmware update in Hanwha Techwin Smartcams
CVSS Score
9.8
EPSS Score
0.005
Published
2018-03-13
Unencrypted way of remote control and communications in Hanwha Techwin Smartcams
CVSS Score
9.8
EPSS Score
0.003
Published
2018-03-13
An undocumented (hidden) capability for switching the web interface in Hanwha Techwin Smartcams
CVSS Score
5.3
EPSS Score
0.003
Published
2018-03-13
Buffer overflow in Hanwha Techwin Smartcams
CVSS Score
9.8
EPSS Score
0.006
Published
2018-03-13
Remote code execution in Hanwha Techwin Smartcams
CVSS Score
9.8
EPSS Score
0.034
Published
2018-03-13
Authentication bypass in Hanwha Techwin Smartcams
CVSS Score
9.8
EPSS Score
0.005
Published
2018-03-13
Remote password change in Hanwha Techwin Smartcams
CVSS Score
9.8
EPSS Score
0.004
Published
2018-03-13
Arbitrary camera access and monitoring via cloud in Hanwha Techwin Smartcams
CVSS Score
7.5
EPSS Score
0.004
Published
2018-03-13
Page 1