Hanwha Vision A-Series Camera/Q-Series Camera/PNM-series Camera prior 1.41.16/2.22.00 Web Management Page improper check or handling of exceptional conditions
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.1 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Hanwha Vision A-Series Camera, Q-Series Camera and PNM-series Camera and classified as problematic. This vulnerability affects unknown code of the component Web Management Page. Executing a manipulation can lead to improper check or handling of exceptional conditions. This vulnerability is tracked as CVE-2023-5038. No exploit exists. It is suggested to upgrade the affected component.
Details
A vulnerability was found in Hanwha Vision A-Series Camera, Q-Series Camera and PNM-series Camera. It has been declared as problematic. This vulnerability affects an unknown code of the component Web Management Page. The manipulation with an unknown input leads to a improper check or handling of exceptional conditions vulnerability. The CWE definition for the vulnerability is CWE-703. The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product. As an impact it is known to affect availability. CVE summarizes:
badmonkey, a Security Researcher has found a flaw that allows for a unauthenticated DoS attack on the camera. An attacker runs a crafted URL, nobody can access the web management page of the camera. and must manually restart the device or re-power it. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
The advisory is available at hanwhavision.com. This vulnerability was named CVE-2023-5038 since 09/18/2023. The exploitation appears to be easy. No form of authentication is required for a successful exploitation. The technical details are unknown and an exploit is not available.
Upgrading to version 1.41.16 or 2.22.00 eliminates this vulnerability.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Product
Vendor
Name
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 4.3VulDB Meta Temp Score: 4.1
VulDB Base Score: 4.3
VulDB Temp Score: 4.1
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Improper check or handling of exceptional conditionsCWE: CWE-703
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Partially
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: A-Series Camera/Q-Series Camera/PNM-series Camera 1.41.16/2.22.00
Timeline
09/18/2023 🔍06/25/2024 🔍
06/25/2024 🔍
06/25/2024 🔍
Sources
Advisory: hanwhavision.comStatus: Confirmed
CVE: CVE-2023-5038 (🔍)
GCVE (CVE): GCVE-0-2023-5038
GCVE (VulDB): GCVE-100-269602
Entry
Created: 06/25/2024 07:37Changes: 06/25/2024 07:37 (53)
Complete: 🔍
Cache ID: 216::103
If you want to get best quality of vulnerability data, you may have to visit VulDB.
No comments yet. Languages: en.
Please log in to comment.