Unauthenticated DoS Flaw Affects Camera, Requires Manual Restart
CVE-2023-5038

7.5HIGH

Key Information:

Vendor: Hanwha Vision Co., Ltd.
Status: A-series, Q-series, Pnm-series Camera
Vendor: CVE Published:; 25 June 2024

🔔 Create Hanwha Vision Co., Ltd. Vulnerability Alert

What is CVE-2023-5038?

A vulnerability identified by a security researcher allows attackers to perform unauthenticated denial-of-service (DoS) attacks on specific models of Hanwha Vision cameras. When the attacker executes a specially crafted URL, victims are unable to access the web management interface of the camera. This requires users to manually restart or re-power the device to restore functionality. Hanwha Vision has released patch firmware addressing this issue, and users are urged to apply the updates immediately. For detailed information and workarounds, refer to the manufacturer's advisory.

Affected Version(s)

A-Series, Q-Series, PNM-series Camera Prior to version 1.41.16, Prior to version 2.22.00

References

https://www.hanwhavision.com/wp-content/uploads/2024/06/C...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 25, 2024
Vulnerability Reserved
Sep 18, 2023

JSON