Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for HRX-1620 by Hanwha Vision Co., Ltd.

    CVE-2023-6096 (GCVE-0-2023-6096)

    Vulnerability from nvd – Published: 2024-04-26 07:16 – Updated: 2024-08-02 08:21
    VLAI
    Title
    using a inappropriate encryption logic
    Summary
    Vladimir Kononovich, a Security Researcher has found a flaw that using a inappropriate encryption logic on the DVR. firmware encryption is broken and allows to decrypt. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-668 - Exposure of Resource to Wrong Sphere
    Assigner
    Impacted products
    Vendor Product Version
    Hanwha Vision Co., Ltd. HRX-1620 Affected: 3.05.62 and prior versions
    Create a notification for this product.
    hanwhavision xrn-2010 Affected: *
        cpe:2.3:a:hanwhavision:xrn-2010:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hanwhavision xrn-2010a Affected: *
        cpe:2.3:a:hanwhavision:xrn-2010a:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hanwhavision xrn-2011 Affected: *
        cpe:2.3:a:hanwhavision:xrn-2011:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hanwhavision xrn-2011a Affected: *
        cpe:2.3:a:hanwhavision:xrn-2011a:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hanwhavision xrn-3010a Affected: *
        cpe:2.3:h:hanwhavision:xrn-3010a:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hanwhavision arn-3250 Affected: *
        cpe:2.3:h:hanwhavision:arn-3250:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hanwhavision xrn-810s Affected: *
        cpe:2.3:h:hanwhavision:xrn-810s:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hanwhavision xrn-410s Affected: *
        cpe:2.3:h:hanwhavision:xrn-410s:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hanwhavision qrn-810 Affected: *
        cpe:2.3:h:hanwhavision:qrn-810:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hanwhavision qrn-410 Affected: *
        cpe:2.3:h:hanwhavision:qrn-410:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hanwhavision hrx-1621 Affected: *
        cpe:2.3:h:hanwhavision:hrx-1621:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hanwhavision hrx-1620 Affected: *
        cpe:2.3:h:hanwhavision:hrx-1620:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hanwhavision hrx-821 Affected: *
        cpe:2.3:h:hanwhavision:hrx-821:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hanwhavision hrx-820 Affected: *
        cpe:2.3:h:hanwhavision:hrx-820:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hanwhavision hrx-421 Affected: *
        cpe:2.3:h:hanwhavision:hrx-421:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hanwhavision hrx-420 Affected: *
        cpe:2.3:h:hanwhavision:hrx-420:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hanwhavision xrn-420s Affected: *
        cpe:2.3:h:hanwhavision:xrn-420s:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hanwhavision qrn-430s Affected: *
        cpe:2.3:h:hanwhavision:qrn-430s:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-04-26 07:08
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hanwhavision:xrn-2010:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xrn-2010",
                "vendor": "hanwhavision",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hanwhavision:xrn-2010a:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xrn-2010a",
                "vendor": "hanwhavision",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hanwhavision:xrn-2011:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xrn-2011",
                "vendor": "hanwhavision",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hanwhavision:xrn-2010:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xrn-2010",
                "vendor": "hanwhavision",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hanwhavision:xrn-2010a:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xrn-2010a",
                "vendor": "hanwhavision",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hanwhavision:xrn-2011:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xrn-2011",
                "vendor": "hanwhavision",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hanwhavision:xrn-2011a:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xrn-2011a",
                "vendor": "hanwhavision",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hanwhavision:xrn-3010a:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xrn-3010a",
                "vendor": "hanwhavision",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hanwhavision:arn-3250:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "arn-3250",
                "vendor": "hanwhavision",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hanwhavision:xrn-810s:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xrn-810s",
                "vendor": "hanwhavision",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hanwhavision:xrn-410s:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xrn-410s",
                "vendor": "hanwhavision",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hanwhavision:qrn-810:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "qrn-810",
                "vendor": "hanwhavision",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hanwhavision:qrn-410:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "qrn-410",
                "vendor": "hanwhavision",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hanwhavision:hrx-1621:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "hrx-1621",
                "vendor": "hanwhavision",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hanwhavision:hrx-1620:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "hrx-1620",
                "vendor": "hanwhavision",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hanwhavision:hrx-821:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "hrx-821",
                "vendor": "hanwhavision",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hanwhavision:hrx-820:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "hrx-820",
                "vendor": "hanwhavision",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hanwhavision:hrx-421:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "hrx-421",
                "vendor": "hanwhavision",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hanwhavision:hrx-420:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "hrx-420",
                "vendor": "hanwhavision",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hanwhavision:xrn-420s:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xrn-420s",
                "vendor": "hanwhavision",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hanwhavision:qrn-430s:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "qrn-430s",
                "vendor": "hanwhavision",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hanwhavision:qrn-430s:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "qrn-430s",
                "vendor": "hanwhavision",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6096",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-26T16:12:56.278086Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:16:54.886Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:21:17.318Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.hanwhavision.com/wp-content/uploads/2024/04/NVR-DVR-Vulnerability-Report-CVE-2023-6095-6096.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "HRX-1620",
              "vendor": "Hanwha Vision Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.05.62 and prior versions"
                }
              ]
            }
          ],
          "datePublic": "2024-04-26T07:08:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cdiv\u003e\u003cdiv\u003eVladimir Kononovich, a Security Researcher has found a flaw that using a inappropriate encryption logic on the DVR. firmware encryption is broken and allows to decrypt. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds.\u003c/div\u003e\u003cbr\u003e\u003c/div\u003e\n\n"
                }
              ],
              "value": "\nVladimir Kononovich, a Security Researcher has found a flaw that using a inappropriate encryption logic on the DVR. firmware encryption is broken and allows to decrypt. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-668",
                  "description": "CWE-668 Exposure of Resource to Wrong Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-26T07:16:12.080Z",
            "orgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
            "shortName": "Hanwha_Vision"
          },
          "references": [
            {
              "url": "https://www.hanwhavision.com/wp-content/uploads/2024/04/NVR-DVR-Vulnerability-Report-CVE-2023-6095-6096.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "using a inappropriate encryption logic",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
        "assignerShortName": "Hanwha_Vision",
        "cveId": "CVE-2023-6096",
        "datePublished": "2024-04-26T07:16:12.080Z",
        "dateReserved": "2023-11-13T09:07:04.294Z",
        "dateUpdated": "2024-08-02T08:21:17.318Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-6095 (GCVE-0-2023-6095)

    Vulnerability from nvd – Published: 2024-04-26 07:09 – Updated: 2024-08-02 08:21
    VLAI
    Title
    Remote Code Execution without authentication using memory overflow
    Summary
    Vladimir Kononovich, a Security Researcher has found a flaw that allows for a remote code execution on the DVR. An attacker could inject malicious HTTP headers into request packets to execute arbitrary code. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Hanwha Vision Co., Ltd. HRX-1620 Affected: 3.05.62 and prior versions
    Create a notification for this product.
    hanwhavision ane-l6012r Affected: -
        cpe:2.3:h:hanwhavision:ane-l6012r:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-04-26 06:59
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:hanwhavision:ane-l6012r:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ane-l6012r",
                "vendor": "hanwhavision",
                "versions": [
                  {
                    "status": "affected",
                    "version": "-"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6095",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-30T15:33:48.703590Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:17:21.962Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:21:17.058Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.hanwhavision.com/wp-content/uploads/2024/04/NVR-DVR-Vulnerability-Report-CVE-2023-6095-6096.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "HRX-1620",
              "vendor": "Hanwha Vision Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.05.62 and prior versions"
                }
              ]
            }
          ],
          "datePublic": "2024-04-26T06:59:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cdiv\u003e\u003cdiv\u003eVladimir Kononovich, a Security Researcher has found a flaw that allows for a remote code execution on the DVR. An attacker could inject malicious HTTP headers into request packets to execute arbitrary code. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds.\u003c/div\u003e\u003c/div\u003e\n\n"
                }
              ],
              "value": "\nVladimir Kononovich, a Security Researcher has found a flaw that allows for a remote code execution on the DVR. An attacker could inject malicious HTTP headers into request packets to execute arbitrary code. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.9,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-26T07:09:38.940Z",
            "orgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
            "shortName": "Hanwha_Vision"
          },
          "references": [
            {
              "url": "https://www.hanwhavision.com/wp-content/uploads/2024/04/NVR-DVR-Vulnerability-Report-CVE-2023-6095-6096.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Remote Code Execution without authentication using memory overflow",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
        "assignerShortName": "Hanwha_Vision",
        "cveId": "CVE-2023-6095",
        "datePublished": "2024-04-26T07:09:38.940Z",
        "dateReserved": "2023-11-13T09:04:20.301Z",
        "dateUpdated": "2024-08-02T08:21:17.058Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-6096 (GCVE-0-2023-6096)

    Vulnerability from cvelistv5 – Published: 2024-04-26 07:16 – Updated: 2024-08-02 08:21
    VLAI
    Title
    using a inappropriate encryption logic
    Summary
    Vladimir Kononovich, a Security Researcher has found a flaw that using a inappropriate encryption logic on the DVR. firmware encryption is broken and allows to decrypt. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-668 - Exposure of Resource to Wrong Sphere
    Assigner
    Impacted products
    Vendor Product Version
    Hanwha Vision Co., Ltd. HRX-1620 Affected: 3.05.62 and prior versions
    Create a notification for this product.
    hanwhavision xrn-2010 Affected: *
        cpe:2.3:a:hanwhavision:xrn-2010:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hanwhavision xrn-2010a Affected: *
        cpe:2.3:a:hanwhavision:xrn-2010a:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hanwhavision xrn-2011 Affected: *
        cpe:2.3:a:hanwhavision:xrn-2011:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hanwhavision xrn-2011a Affected: *
        cpe:2.3:a:hanwhavision:xrn-2011a:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hanwhavision xrn-3010a Affected: *
        cpe:2.3:h:hanwhavision:xrn-3010a:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hanwhavision arn-3250 Affected: *
        cpe:2.3:h:hanwhavision:arn-3250:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hanwhavision xrn-810s Affected: *
        cpe:2.3:h:hanwhavision:xrn-810s:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hanwhavision xrn-410s Affected: *
        cpe:2.3:h:hanwhavision:xrn-410s:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hanwhavision qrn-810 Affected: *
        cpe:2.3:h:hanwhavision:qrn-810:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hanwhavision qrn-410 Affected: *
        cpe:2.3:h:hanwhavision:qrn-410:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hanwhavision hrx-1621 Affected: *
        cpe:2.3:h:hanwhavision:hrx-1621:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hanwhavision hrx-1620 Affected: *
        cpe:2.3:h:hanwhavision:hrx-1620:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hanwhavision hrx-821 Affected: *
        cpe:2.3:h:hanwhavision:hrx-821:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hanwhavision hrx-820 Affected: *
        cpe:2.3:h:hanwhavision:hrx-820:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hanwhavision hrx-421 Affected: *
        cpe:2.3:h:hanwhavision:hrx-421:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hanwhavision hrx-420 Affected: *
        cpe:2.3:h:hanwhavision:hrx-420:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hanwhavision xrn-420s Affected: *
        cpe:2.3:h:hanwhavision:xrn-420s:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hanwhavision qrn-430s Affected: *
        cpe:2.3:h:hanwhavision:qrn-430s:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-04-26 07:08
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hanwhavision:xrn-2010:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xrn-2010",
                "vendor": "hanwhavision",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hanwhavision:xrn-2010a:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xrn-2010a",
                "vendor": "hanwhavision",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hanwhavision:xrn-2011:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xrn-2011",
                "vendor": "hanwhavision",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hanwhavision:xrn-2010:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xrn-2010",
                "vendor": "hanwhavision",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hanwhavision:xrn-2010a:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xrn-2010a",
                "vendor": "hanwhavision",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hanwhavision:xrn-2011:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xrn-2011",
                "vendor": "hanwhavision",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hanwhavision:xrn-2011a:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xrn-2011a",
                "vendor": "hanwhavision",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hanwhavision:xrn-3010a:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xrn-3010a",
                "vendor": "hanwhavision",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hanwhavision:arn-3250:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "arn-3250",
                "vendor": "hanwhavision",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hanwhavision:xrn-810s:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xrn-810s",
                "vendor": "hanwhavision",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hanwhavision:xrn-410s:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xrn-410s",
                "vendor": "hanwhavision",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hanwhavision:qrn-810:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "qrn-810",
                "vendor": "hanwhavision",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hanwhavision:qrn-410:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "qrn-410",
                "vendor": "hanwhavision",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hanwhavision:hrx-1621:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "hrx-1621",
                "vendor": "hanwhavision",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hanwhavision:hrx-1620:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "hrx-1620",
                "vendor": "hanwhavision",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hanwhavision:hrx-821:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "hrx-821",
                "vendor": "hanwhavision",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hanwhavision:hrx-820:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "hrx-820",
                "vendor": "hanwhavision",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hanwhavision:hrx-421:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "hrx-421",
                "vendor": "hanwhavision",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hanwhavision:hrx-420:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "hrx-420",
                "vendor": "hanwhavision",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hanwhavision:xrn-420s:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xrn-420s",
                "vendor": "hanwhavision",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hanwhavision:qrn-430s:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "qrn-430s",
                "vendor": "hanwhavision",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hanwhavision:qrn-430s:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "qrn-430s",
                "vendor": "hanwhavision",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6096",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-26T16:12:56.278086Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:16:54.886Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:21:17.318Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.hanwhavision.com/wp-content/uploads/2024/04/NVR-DVR-Vulnerability-Report-CVE-2023-6095-6096.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "HRX-1620",
              "vendor": "Hanwha Vision Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.05.62 and prior versions"
                }
              ]
            }
          ],
          "datePublic": "2024-04-26T07:08:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cdiv\u003e\u003cdiv\u003eVladimir Kononovich, a Security Researcher has found a flaw that using a inappropriate encryption logic on the DVR. firmware encryption is broken and allows to decrypt. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds.\u003c/div\u003e\u003cbr\u003e\u003c/div\u003e\n\n"
                }
              ],
              "value": "\nVladimir Kononovich, a Security Researcher has found a flaw that using a inappropriate encryption logic on the DVR. firmware encryption is broken and allows to decrypt. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-668",
                  "description": "CWE-668 Exposure of Resource to Wrong Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-26T07:16:12.080Z",
            "orgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
            "shortName": "Hanwha_Vision"
          },
          "references": [
            {
              "url": "https://www.hanwhavision.com/wp-content/uploads/2024/04/NVR-DVR-Vulnerability-Report-CVE-2023-6095-6096.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "using a inappropriate encryption logic",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
        "assignerShortName": "Hanwha_Vision",
        "cveId": "CVE-2023-6096",
        "datePublished": "2024-04-26T07:16:12.080Z",
        "dateReserved": "2023-11-13T09:07:04.294Z",
        "dateUpdated": "2024-08-02T08:21:17.318Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-6095 (GCVE-0-2023-6095)

    Vulnerability from cvelistv5 – Published: 2024-04-26 07:09 – Updated: 2024-08-02 08:21
    VLAI
    Title
    Remote Code Execution without authentication using memory overflow
    Summary
    Vladimir Kononovich, a Security Researcher has found a flaw that allows for a remote code execution on the DVR. An attacker could inject malicious HTTP headers into request packets to execute arbitrary code. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Hanwha Vision Co., Ltd. HRX-1620 Affected: 3.05.62 and prior versions
    Create a notification for this product.
    hanwhavision ane-l6012r Affected: -
        cpe:2.3:h:hanwhavision:ane-l6012r:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-04-26 06:59
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:hanwhavision:ane-l6012r:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ane-l6012r",
                "vendor": "hanwhavision",
                "versions": [
                  {
                    "status": "affected",
                    "version": "-"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6095",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-30T15:33:48.703590Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:17:21.962Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:21:17.058Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.hanwhavision.com/wp-content/uploads/2024/04/NVR-DVR-Vulnerability-Report-CVE-2023-6095-6096.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "HRX-1620",
              "vendor": "Hanwha Vision Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.05.62 and prior versions"
                }
              ]
            }
          ],
          "datePublic": "2024-04-26T06:59:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cdiv\u003e\u003cdiv\u003eVladimir Kononovich, a Security Researcher has found a flaw that allows for a remote code execution on the DVR. An attacker could inject malicious HTTP headers into request packets to execute arbitrary code. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds.\u003c/div\u003e\u003c/div\u003e\n\n"
                }
              ],
              "value": "\nVladimir Kononovich, a Security Researcher has found a flaw that allows for a remote code execution on the DVR. An attacker could inject malicious HTTP headers into request packets to execute arbitrary code. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.9,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-26T07:09:38.940Z",
            "orgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
            "shortName": "Hanwha_Vision"
          },
          "references": [
            {
              "url": "https://www.hanwhavision.com/wp-content/uploads/2024/04/NVR-DVR-Vulnerability-Report-CVE-2023-6095-6096.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Remote Code Execution without authentication using memory overflow",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
        "assignerShortName": "Hanwha_Vision",
        "cveId": "CVE-2023-6095",
        "datePublished": "2024-04-26T07:09:38.940Z",
        "dateReserved": "2023-11-13T09:04:20.301Z",
        "dateUpdated": "2024-08-02T08:21:17.058Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }