Remote Code Execution Vulnerability in Hanwha Vision NVR Products
CVE-2024-41884

Currently unrated

Key Information:

Vendor: Hanwha Vision Co., Ltd.
Status: Xrn-420s
Vendor: CVE Published:; 24 December 2024

🔔 Create Hanwha Vision Co., Ltd. Vulnerability Alert

What is CVE-2024-41884?

A vulnerability has been identified in Hanwha Vision's Network Video Recorder (NVR) products that allows attackers to execute arbitrary code remotely. This issue arises when an attacker fails to provide a value for a specific URL parameter, leading to NULL pointer references that cause the NVR to reboot unexpectedly. Users are strongly advised to implement the firmware patch released by the manufacturer to mitigate this issue. For more information on the vulnerability and available workarounds, please refer to the manufacturer's advisory report.

Affected Version(s)

XRN-420S 5.01.62 and prior versions

References

https://www.hanwhavision.com/wp-content/uploads/2024/12/N...

vendor-advisory

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 24, 2024
Vulnerability Reserved
Jul 23, 2024

JSON