Search
Find a vulnerability
Search criteria
16 vulnerabilities found for qno-c8083r_firmware by hanwhavision
CVE-2024-54013 (GCVE-0-2024-54013)
Vulnerability from nvd – Published: 2026-04-28 07:06 – Updated: 2026-04-28 12:34
VLAI
Title
Authentication Bypass
Summary
Penetration Testing engineers at Amazon have identified a security flaw related to request handling in the web server component that could, under certain conditions, lead to unintended access to protected functions. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing authentication for critical function
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hanwha Vision | QND-8080R |
Affected:
0 , < 2.24.00
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54013",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-28T12:34:15.429838Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T12:34:26.408Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QND-8080R",
"vendor": "Hanwha Vision",
"versions": [
{
"lessThan": "2.24.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePenetration Testing engineers at Amazon have identified a security flaw related to request handling in the web server component that could, under certain conditions, lead to unintended access to protected functions. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds\u003c/p\u003e"
}
],
"value": "Penetration Testing engineers at Amazon have identified a security flaw related to request handling in the web server component that could, under certain conditions, lead to unintended access to protected functions. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds"
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing authentication for critical function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T07:06:17.252Z",
"orgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"shortName": "Hanwha_Vision"
},
"references": [
{
"url": "https://www.hanwhavision.com/wp-content/uploads/2026/04/Camera-Vulnerability-ReportCVE-2024-5401154013.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authentication Bypass",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"assignerShortName": "Hanwha_Vision",
"cveId": "CVE-2024-54013",
"datePublished": "2026-04-28T07:06:17.252Z",
"dateReserved": "2024-11-27T00:56:05.852Z",
"dateUpdated": "2026-04-28T12:34:26.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-54012 (GCVE-0-2024-54012)
Vulnerability from nvd – Published: 2026-04-28 07:03 – Updated: 2026-04-28 12:35
VLAI
Title
Command Injection
Summary
Penetration Testing engineers at Amazon discovered a vulnerability where the camera system failed to properly validate input, allowing specially crafted requests containing malicious commands to be executed on the device. The manufacturer has released patch firmware for the flaw; please refer to the manufacturer's report for details and workarounds.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper neutralization of special elements used in an OS command ('OS command injection')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hanwha Vision | QND-8080R |
Affected:
0 , < 2.24.00
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54012",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-28T12:35:19.812622Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T12:35:28.059Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QND-8080R",
"vendor": "Hanwha Vision",
"versions": [
{
"lessThan": "2.24.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePenetration Testing engineers at Amazon discovered a vulnerability where the camera system failed to properly validate input, allowing specially crafted requests containing malicious commands to be executed on the device. The manufacturer has released patch firmware for the flaw; please refer to the manufacturer\u0027s report for details and workarounds.\u003c/p\u003e"
}
],
"value": "Penetration Testing engineers at Amazon discovered a vulnerability where the camera system failed to properly validate input, allowing specially crafted requests containing malicious commands to be executed on the device. The manufacturer has released patch firmware for the flaw; please refer to the manufacturer\u0027s report for details and workarounds."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper neutralization of special elements used in an OS command (\u0027OS command injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T07:03:58.874Z",
"orgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"shortName": "Hanwha_Vision"
},
"references": [
{
"url": "https://www.hanwhavision.com/wp-content/uploads/2026/04/Camera-Vulnerability-ReportCVE-2024-5401154013.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command Injection",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"assignerShortName": "Hanwha_Vision",
"cveId": "CVE-2024-54012",
"datePublished": "2026-04-28T07:03:58.874Z",
"dateReserved": "2024-11-27T00:56:05.852Z",
"dateUpdated": "2026-04-28T12:35:28.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-54011 (GCVE-0-2024-54011)
Vulnerability from nvd – Published: 2026-04-28 06:51 – Updated: 2026-04-28 12:28
VLAI
Title
Missing Error/Exception Handling
Summary
Penetration Testing engineers at Amazon have discovered a flaw where the camera system fails to properly handle data supplied in certain requests, causing a service disruption. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper input validation
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hanwha Vision | QND-8080R |
Affected:
0 , < 2.24.00
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54011",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-28T12:28:25.327161Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T12:28:46.913Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QND-8080R",
"vendor": "Hanwha Vision",
"versions": [
{
"lessThan": "2.24.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePenetration Testing engineers at Amazon have discovered a flaw where the camera system fails to properly handle data supplied in certain requests,\u0026nbsp;causing a service disruption. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds.\u003c/p\u003e"
}
],
"value": "Penetration Testing engineers at Amazon have discovered a flaw where the camera system fails to properly handle data supplied in certain requests,\u00a0causing a service disruption. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds."
}
],
"impacts": [
{
"capecId": "CAPEC-212",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-212 Functionality Misuse"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper input validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T06:51:33.550Z",
"orgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"shortName": "Hanwha_Vision"
},
"references": [
{
"url": "https://www.hanwhavision.com/wp-content/uploads/2026/04/Camera-Vulnerability-ReportCVE-2024-5401154013.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing Error/Exception Handling",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"assignerShortName": "Hanwha_Vision",
"cveId": "CVE-2024-54011",
"datePublished": "2026-04-28T06:51:33.550Z",
"dateReserved": "2024-11-27T00:56:05.852Z",
"dateUpdated": "2026-04-28T12:28:46.913Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8075 (GCVE-0-2025-8075)
Vulnerability from nvd – Published: 2025-12-26 04:31 – Updated: 2025-12-26 16:01
VLAI
Title
Improper Input Validation
Summary
Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered that validation of incoming XML format request messages is inadequate. This vulnerability could allow an attacker to XSS on the user's browser. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hanwha Vision Co., Ltd. | QNV-C8012 |
Affected:
Prior to version 2.22.05
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8075",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-26T16:01:07.031195Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-26T16:01:16.611Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QNV-C8012",
"vendor": "Hanwha Vision Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Prior to version 2.22.05"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003eCybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered that validation of incoming XML format request messages is inadequate. This vulnerability could allow an attacker to XSS on the user\u0027s browser. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds.\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered that validation of incoming XML format request messages is inadequate. This vulnerability could allow an attacker to XSS on the user\u0027s browser. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-26T04:31:38.718Z",
"orgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"shortName": "Hanwha_Vision"
},
"references": [
{
"url": "https://www.hanwhavision.com/wp-content/uploads/2025/12/Camera-Vulnerability-ReportCVE-2025-5259852601-8075.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Input Validation",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"assignerShortName": "Hanwha_Vision",
"cveId": "CVE-2025-8075",
"datePublished": "2025-12-26T04:31:38.718Z",
"dateReserved": "2025-07-23T06:07:30.973Z",
"dateUpdated": "2025-12-26T16:01:16.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-52601 (GCVE-0-2025-52601)
Vulnerability from nvd – Published: 2025-12-26 04:29 – Updated: 2025-12-26 19:27
VLAI
Title
Hardcoding sensitive information
Summary
Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in Device Manager that a hardcoded encryption key for sensitive information. An attacker can use key to decrypt sensitive information. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hanwha Vision Co., Ltd. | Device Manager |
Affected:
prior to version 2.9.3.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52601",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-26T19:27:38.620344Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-26T19:27:44.838Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Device Manager",
"vendor": "Hanwha Vision Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "prior to version 2.9.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003eCybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in Device Manager that a hardcoded encryption key for sensitive information. An attacker can use key to decrypt sensitive information. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds.\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in Device Manager that a hardcoded encryption key for sensitive information. An attacker can use key to decrypt sensitive information. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds."
}
],
"impacts": [
{
"capecId": "CAPEC-116",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-116 Excavation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321: Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-26T04:29:25.830Z",
"orgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"shortName": "Hanwha_Vision"
},
"references": [
{
"url": "https://www.hanwhavision.com/wp-content/uploads/2025/12/Camera-Vulnerability-ReportCVE-2025-5259852601-8075.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Hardcoding sensitive information",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"assignerShortName": "Hanwha_Vision",
"cveId": "CVE-2025-52601",
"datePublished": "2025-12-26T04:29:25.830Z",
"dateReserved": "2025-06-18T07:10:49.611Z",
"dateUpdated": "2025-12-26T19:27:44.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-52600 (GCVE-0-2025-52600)
Vulnerability from nvd – Published: 2025-12-26 04:20 – Updated: 2025-12-26 14:50
VLAI
Title
Improper Input Validation
Summary
Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in camera video analytics that Improper input validation. This vulnerability could allow an attacker to execute specific commands on the user's host PC.The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hanwha Vision Co., Ltd. | QNV-C8012 |
Affected:
Prior to version 2.22.05
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52600",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-26T14:42:11.310664Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-26T14:50:40.099Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QNV-C8012",
"vendor": "Hanwha Vision Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Prior to version 2.22.05"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\n\n\u003cdiv\u003e\u003cdiv\u003eCybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in camera video analytics that Improper input validation. This vulnerability could allow an attacker to execute specific commands on the user\u0027s host PC.The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds.\u003c/div\u003e\u003c/div\u003e\n\n\u003cbr\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in camera video analytics that Improper input validation. This vulnerability could allow an attacker to execute specific commands on the user\u0027s host PC.The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-26T04:20:17.014Z",
"orgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"shortName": "Hanwha_Vision"
},
"references": [
{
"url": "https://www.hanwhavision.com/wp-content/uploads/2025/12/Camera-Vulnerability-ReportCVE-2025-5259852601-8075.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Input Validation",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"assignerShortName": "Hanwha_Vision",
"cveId": "CVE-2025-52600",
"datePublished": "2025-12-26T04:20:17.014Z",
"dateReserved": "2025-06-18T07:10:49.611Z",
"dateUpdated": "2025-12-26T14:50:40.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-52599 (GCVE-0-2025-52599)
Vulnerability from nvd – Published: 2025-12-26 04:12 – Updated: 2025-12-26 15:15
VLAI
Title
Inadequate account permissions management
Summary
Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered Inadequate of permission management for camera guest account. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hanwha Vision Co., Ltd. | QNV-C8012 |
Affected:
Prior to version 2.22.05
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52599",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-26T15:12:40.665556Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-26T15:15:17.385Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QNV-C8012",
"vendor": "Hanwha Vision Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Prior to version 2.22.05"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003eCybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered Inadequate of permission management for camera guest account. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds.\u003c/div\u003e\u003c/div\u003e\n\n\u003cbr\u003e"
}
],
"value": "Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered Inadequate of permission management for camera guest account. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds."
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-26T04:12:37.550Z",
"orgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"shortName": "Hanwha_Vision"
},
"references": [
{
"url": "https://www.hanwhavision.com/wp-content/uploads/2025/12/Camera-Vulnerability-ReportCVE-2025-5259852601-8075.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Inadequate account permissions management",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"assignerShortName": "Hanwha_Vision",
"cveId": "CVE-2025-52599",
"datePublished": "2025-12-26T04:12:37.550Z",
"dateReserved": "2025-06-18T07:10:49.610Z",
"dateUpdated": "2025-12-26T15:15:17.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-52598 (GCVE-0-2025-52598)
Vulnerability from nvd – Published: 2025-12-26 04:07 – Updated: 2025-12-26 15:15
VLAI
Title
Insufficient certificate validation
Summary
Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has found a flaw that camera's client service does not perform certificate validation. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hanwha Vision Co., Ltd. | QNV-C8012 |
Affected:
Prior to version 2.22.05
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52598",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-26T15:12:31.184142Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-26T15:15:22.694Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QNV-C8012",
"vendor": "Hanwha Vision Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Prior to version 2.22.05"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003eCybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has found a flaw that camera\u0027s client service does not perform certificate validation. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds.\u003c/div\u003e\u003c/div\u003e\n\n\u003cbr\u003e"
}
],
"value": "Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has found a flaw that camera\u0027s client service does not perform certificate validation. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds."
}
],
"impacts": [
{
"capecId": "CAPEC-22",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-22 Exploiting Trust in Client"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-26T04:07:19.958Z",
"orgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"shortName": "Hanwha_Vision"
},
"references": [
{
"url": "https://www.hanwhavision.com/wp-content/uploads/2025/12/Camera-Vulnerability-ReportCVE-2025-5259852601-8075.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insufficient certificate validation",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"assignerShortName": "Hanwha_Vision",
"cveId": "CVE-2025-52598",
"datePublished": "2025-12-26T04:07:19.958Z",
"dateReserved": "2025-06-18T07:10:49.610Z",
"dateUpdated": "2025-12-26T15:15:22.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-54013 (GCVE-0-2024-54013)
Vulnerability from cvelistv5 – Published: 2026-04-28 07:06 – Updated: 2026-04-28 12:34
VLAI
Title
Authentication Bypass
Summary
Penetration Testing engineers at Amazon have identified a security flaw related to request handling in the web server component that could, under certain conditions, lead to unintended access to protected functions. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing authentication for critical function
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hanwha Vision | QND-8080R |
Affected:
0 , < 2.24.00
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54013",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-28T12:34:15.429838Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T12:34:26.408Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QND-8080R",
"vendor": "Hanwha Vision",
"versions": [
{
"lessThan": "2.24.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePenetration Testing engineers at Amazon have identified a security flaw related to request handling in the web server component that could, under certain conditions, lead to unintended access to protected functions. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds\u003c/p\u003e"
}
],
"value": "Penetration Testing engineers at Amazon have identified a security flaw related to request handling in the web server component that could, under certain conditions, lead to unintended access to protected functions. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds"
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing authentication for critical function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T07:06:17.252Z",
"orgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"shortName": "Hanwha_Vision"
},
"references": [
{
"url": "https://www.hanwhavision.com/wp-content/uploads/2026/04/Camera-Vulnerability-ReportCVE-2024-5401154013.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authentication Bypass",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"assignerShortName": "Hanwha_Vision",
"cveId": "CVE-2024-54013",
"datePublished": "2026-04-28T07:06:17.252Z",
"dateReserved": "2024-11-27T00:56:05.852Z",
"dateUpdated": "2026-04-28T12:34:26.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-54012 (GCVE-0-2024-54012)
Vulnerability from cvelistv5 – Published: 2026-04-28 07:03 – Updated: 2026-04-28 12:35
VLAI
Title
Command Injection
Summary
Penetration Testing engineers at Amazon discovered a vulnerability where the camera system failed to properly validate input, allowing specially crafted requests containing malicious commands to be executed on the device. The manufacturer has released patch firmware for the flaw; please refer to the manufacturer's report for details and workarounds.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper neutralization of special elements used in an OS command ('OS command injection')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hanwha Vision | QND-8080R |
Affected:
0 , < 2.24.00
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54012",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-28T12:35:19.812622Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T12:35:28.059Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QND-8080R",
"vendor": "Hanwha Vision",
"versions": [
{
"lessThan": "2.24.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePenetration Testing engineers at Amazon discovered a vulnerability where the camera system failed to properly validate input, allowing specially crafted requests containing malicious commands to be executed on the device. The manufacturer has released patch firmware for the flaw; please refer to the manufacturer\u0027s report for details and workarounds.\u003c/p\u003e"
}
],
"value": "Penetration Testing engineers at Amazon discovered a vulnerability where the camera system failed to properly validate input, allowing specially crafted requests containing malicious commands to be executed on the device. The manufacturer has released patch firmware for the flaw; please refer to the manufacturer\u0027s report for details and workarounds."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper neutralization of special elements used in an OS command (\u0027OS command injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T07:03:58.874Z",
"orgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"shortName": "Hanwha_Vision"
},
"references": [
{
"url": "https://www.hanwhavision.com/wp-content/uploads/2026/04/Camera-Vulnerability-ReportCVE-2024-5401154013.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command Injection",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"assignerShortName": "Hanwha_Vision",
"cveId": "CVE-2024-54012",
"datePublished": "2026-04-28T07:03:58.874Z",
"dateReserved": "2024-11-27T00:56:05.852Z",
"dateUpdated": "2026-04-28T12:35:28.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-54011 (GCVE-0-2024-54011)
Vulnerability from cvelistv5 – Published: 2026-04-28 06:51 – Updated: 2026-04-28 12:28
VLAI
Title
Missing Error/Exception Handling
Summary
Penetration Testing engineers at Amazon have discovered a flaw where the camera system fails to properly handle data supplied in certain requests, causing a service disruption. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper input validation
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hanwha Vision | QND-8080R |
Affected:
0 , < 2.24.00
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54011",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-28T12:28:25.327161Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T12:28:46.913Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QND-8080R",
"vendor": "Hanwha Vision",
"versions": [
{
"lessThan": "2.24.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePenetration Testing engineers at Amazon have discovered a flaw where the camera system fails to properly handle data supplied in certain requests,\u0026nbsp;causing a service disruption. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds.\u003c/p\u003e"
}
],
"value": "Penetration Testing engineers at Amazon have discovered a flaw where the camera system fails to properly handle data supplied in certain requests,\u00a0causing a service disruption. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds."
}
],
"impacts": [
{
"capecId": "CAPEC-212",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-212 Functionality Misuse"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper input validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T06:51:33.550Z",
"orgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"shortName": "Hanwha_Vision"
},
"references": [
{
"url": "https://www.hanwhavision.com/wp-content/uploads/2026/04/Camera-Vulnerability-ReportCVE-2024-5401154013.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing Error/Exception Handling",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"assignerShortName": "Hanwha_Vision",
"cveId": "CVE-2024-54011",
"datePublished": "2026-04-28T06:51:33.550Z",
"dateReserved": "2024-11-27T00:56:05.852Z",
"dateUpdated": "2026-04-28T12:28:46.913Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8075 (GCVE-0-2025-8075)
Vulnerability from cvelistv5 – Published: 2025-12-26 04:31 – Updated: 2025-12-26 16:01
VLAI
Title
Improper Input Validation
Summary
Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered that validation of incoming XML format request messages is inadequate. This vulnerability could allow an attacker to XSS on the user's browser. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hanwha Vision Co., Ltd. | QNV-C8012 |
Affected:
Prior to version 2.22.05
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8075",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-26T16:01:07.031195Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-26T16:01:16.611Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QNV-C8012",
"vendor": "Hanwha Vision Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Prior to version 2.22.05"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003eCybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered that validation of incoming XML format request messages is inadequate. This vulnerability could allow an attacker to XSS on the user\u0027s browser. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds.\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered that validation of incoming XML format request messages is inadequate. This vulnerability could allow an attacker to XSS on the user\u0027s browser. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-26T04:31:38.718Z",
"orgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"shortName": "Hanwha_Vision"
},
"references": [
{
"url": "https://www.hanwhavision.com/wp-content/uploads/2025/12/Camera-Vulnerability-ReportCVE-2025-5259852601-8075.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Input Validation",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"assignerShortName": "Hanwha_Vision",
"cveId": "CVE-2025-8075",
"datePublished": "2025-12-26T04:31:38.718Z",
"dateReserved": "2025-07-23T06:07:30.973Z",
"dateUpdated": "2025-12-26T16:01:16.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-52601 (GCVE-0-2025-52601)
Vulnerability from cvelistv5 – Published: 2025-12-26 04:29 – Updated: 2025-12-26 19:27
VLAI
Title
Hardcoding sensitive information
Summary
Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in Device Manager that a hardcoded encryption key for sensitive information. An attacker can use key to decrypt sensitive information. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hanwha Vision Co., Ltd. | Device Manager |
Affected:
prior to version 2.9.3.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52601",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-26T19:27:38.620344Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-26T19:27:44.838Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Device Manager",
"vendor": "Hanwha Vision Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "prior to version 2.9.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003eCybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in Device Manager that a hardcoded encryption key for sensitive information. An attacker can use key to decrypt sensitive information. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds.\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in Device Manager that a hardcoded encryption key for sensitive information. An attacker can use key to decrypt sensitive information. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds."
}
],
"impacts": [
{
"capecId": "CAPEC-116",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-116 Excavation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321: Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-26T04:29:25.830Z",
"orgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"shortName": "Hanwha_Vision"
},
"references": [
{
"url": "https://www.hanwhavision.com/wp-content/uploads/2025/12/Camera-Vulnerability-ReportCVE-2025-5259852601-8075.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Hardcoding sensitive information",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"assignerShortName": "Hanwha_Vision",
"cveId": "CVE-2025-52601",
"datePublished": "2025-12-26T04:29:25.830Z",
"dateReserved": "2025-06-18T07:10:49.611Z",
"dateUpdated": "2025-12-26T19:27:44.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-52600 (GCVE-0-2025-52600)
Vulnerability from cvelistv5 – Published: 2025-12-26 04:20 – Updated: 2025-12-26 14:50
VLAI
Title
Improper Input Validation
Summary
Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in camera video analytics that Improper input validation. This vulnerability could allow an attacker to execute specific commands on the user's host PC.The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hanwha Vision Co., Ltd. | QNV-C8012 |
Affected:
Prior to version 2.22.05
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52600",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-26T14:42:11.310664Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-26T14:50:40.099Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QNV-C8012",
"vendor": "Hanwha Vision Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Prior to version 2.22.05"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\n\n\u003cdiv\u003e\u003cdiv\u003eCybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in camera video analytics that Improper input validation. This vulnerability could allow an attacker to execute specific commands on the user\u0027s host PC.The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds.\u003c/div\u003e\u003c/div\u003e\n\n\u003cbr\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in camera video analytics that Improper input validation. This vulnerability could allow an attacker to execute specific commands on the user\u0027s host PC.The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-26T04:20:17.014Z",
"orgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"shortName": "Hanwha_Vision"
},
"references": [
{
"url": "https://www.hanwhavision.com/wp-content/uploads/2025/12/Camera-Vulnerability-ReportCVE-2025-5259852601-8075.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Input Validation",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"assignerShortName": "Hanwha_Vision",
"cveId": "CVE-2025-52600",
"datePublished": "2025-12-26T04:20:17.014Z",
"dateReserved": "2025-06-18T07:10:49.611Z",
"dateUpdated": "2025-12-26T14:50:40.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-52599 (GCVE-0-2025-52599)
Vulnerability from cvelistv5 – Published: 2025-12-26 04:12 – Updated: 2025-12-26 15:15
VLAI
Title
Inadequate account permissions management
Summary
Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered Inadequate of permission management for camera guest account. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hanwha Vision Co., Ltd. | QNV-C8012 |
Affected:
Prior to version 2.22.05
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52599",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-26T15:12:40.665556Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-26T15:15:17.385Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QNV-C8012",
"vendor": "Hanwha Vision Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Prior to version 2.22.05"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003eCybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered Inadequate of permission management for camera guest account. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds.\u003c/div\u003e\u003c/div\u003e\n\n\u003cbr\u003e"
}
],
"value": "Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered Inadequate of permission management for camera guest account. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds."
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-26T04:12:37.550Z",
"orgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"shortName": "Hanwha_Vision"
},
"references": [
{
"url": "https://www.hanwhavision.com/wp-content/uploads/2025/12/Camera-Vulnerability-ReportCVE-2025-5259852601-8075.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Inadequate account permissions management",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"assignerShortName": "Hanwha_Vision",
"cveId": "CVE-2025-52599",
"datePublished": "2025-12-26T04:12:37.550Z",
"dateReserved": "2025-06-18T07:10:49.610Z",
"dateUpdated": "2025-12-26T15:15:17.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-52598 (GCVE-0-2025-52598)
Vulnerability from cvelistv5 – Published: 2025-12-26 04:07 – Updated: 2025-12-26 15:15
VLAI
Title
Insufficient certificate validation
Summary
Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has found a flaw that camera's client service does not perform certificate validation. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hanwha Vision Co., Ltd. | QNV-C8012 |
Affected:
Prior to version 2.22.05
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52598",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-26T15:12:31.184142Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-26T15:15:22.694Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QNV-C8012",
"vendor": "Hanwha Vision Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Prior to version 2.22.05"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003eCybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has found a flaw that camera\u0027s client service does not perform certificate validation. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds.\u003c/div\u003e\u003c/div\u003e\n\n\u003cbr\u003e"
}
],
"value": "Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has found a flaw that camera\u0027s client service does not perform certificate validation. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds."
}
],
"impacts": [
{
"capecId": "CAPEC-22",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-22 Exploiting Trust in Client"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-26T04:07:19.958Z",
"orgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"shortName": "Hanwha_Vision"
},
"references": [
{
"url": "https://www.hanwhavision.com/wp-content/uploads/2025/12/Camera-Vulnerability-ReportCVE-2025-5259852601-8075.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insufficient certificate validation",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"assignerShortName": "Hanwha_Vision",
"cveId": "CVE-2025-52598",
"datePublished": "2025-12-26T04:07:19.958Z",
"dateReserved": "2025-06-18T07:10:49.610Z",
"dateUpdated": "2025-12-26T15:15:22.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}