Command injection via wave install file
CVE-2023-5747

8.8HIGH

Key Information:

Vendor: Hanwha Vision Co., Ltd.
Status: PNV-A6081R
Vendor: CVE Published:; 13 November 2023

🔔 Create Hanwha Vision Co., Ltd. Vulnerability Alert

What is CVE-2023-5747?

A security flaw has been identified in the Wave server application utilized in camera devices from HanwhaVision. This vulnerability enables attackers to exploit command injection during the installation process, potentially allowing unauthorized execution of arbitrary code on the device. HanwhaVision has issued a security patch to address this issue, which is crucial for protecting the integrity and security of their camera system. Users are urged to update their firmware as recommended in the vendor advisory.

Affected Version(s)

PNV-A6081R 2.21.02

References

https://www.hanwhavision.com/wp-content/uploads/2023/11/C...

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 13, 2023
Vulnerability Reserved
Oct 24, 2023

JSON