CVE-2023-5747

Published: Nov 13, 2023Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Bashis, a Security Researcher at IPVM has found a flaw that allows for a remote code execution during the installation of Wave on the camera device. The Wave server application in camera device was vulnerable to command injection allowing an attacker to run arbitrary code. HanwhaVision has released patched firmware for the highlighted flaw. Please refer to the hanwhavision security report for more information and solution."

Affected (3)

Products: Hanwhavision: Pno A6081r E1t Firmware, Pno A6081r E2t Firmware, Wave Server Software

3 products

Pno A6081r E1t Firmware

Pno A6081r E2t Firmware

Wave Server Software

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hanwhavision Pno A6081r E1t Firmware	Version 2.21.02

Running on/with	Platform Versions
Hanwhavision Pno A6081r E1t	All versions

Configuration B

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hanwhavision Pno A6081r E2t Firmware	Version 2.21.02
Hanwhavision Wave Server Software	Before 5.1.1.37647

Running on/with	Platform Versions
Hanwhavision Pno A6081r E2t	All versions

Related CWEs

Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (2)

https://www.hanwhavision.com/wp-content/uploads/2023/11/Camera-Vulnerability-Report-CVE-2023-5747_20231113.pdf

Source: fc9afe74-3f80-4fb7-a313-e6f036a89882

Third Party Advisory

https://www.hanwhavision.com/wp-content/uploads/2023/11/Camera-Vulnerability-Report-CVE-2023-5747_20231113.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.