Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
18 vulnerabilities by Hanwha
CVE-2016-15046 (GCVE-0-2016-15046)
Vulnerability from cvelistv5 – Published: 2025-07-25 15:53 – Updated: 2025-11-21 14:07
VLAI
Title
Hanwha Techwin SSM 1.32 & 1.4 ActiveMQ File Upload RCE
Summary
A client-side remote code execution vulnerability exists in Hanwha Techwin Smart Security Manager (SSM) versions 1.32 and 1.4, due to improper restrictions on the PUT method exposed by the bundled Apache ActiveMQ instance (running on port 8161). An attacker can exploit this flaw through a Cross-Origin Resource Sharing (CORS) bypass combined with JavaScript-triggered file uploads to the web server, ultimately resulting in arbitrary code execution with SYSTEM privileges.
This vulnerability bypasses the server-side mitigations introduced in ZDI-15-156 and ZDI-16-481 by shifting the exploitation to the client-side.
This product is now referred to as Hanwha Wisenet SSM and it is unknown if current versions are affected.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://raw.githubusercontent.com/rapid7/metasplo… | exploit |
| http://www.zerodayinitiative.com/advisories/ZDI-15-156/ | third-party-advisory |
| http://www.zerodayinitiative.com/advisories/ZDI-16-481/ | third-party-advisory |
| https://web.archive.org/web/20160518205411/http:/… | patch |
| https://srcincite.io/advisories/src-2016-0032/ | third-party-advisory |
| https://www.vulncheck.com/advisories/samsung-secu… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hanwha | Smart Security Manager (SSM) |
Affected:
1.32
Affected: 1.4 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-15046",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-30T15:22:08.519649Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T15:22:20.361Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/browser/samsung_security_manager_put.rb"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"ActiveMQ Broker Service"
],
"product": "Smart Security Manager (SSM)",
"vendor": "Hanwha",
"versions": [
{
"status": "affected",
"version": "1.32"
},
{
"status": "affected",
"version": "1.4"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hanwha-security:smart_security_manager:1.32:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hanwha-security:smart_security_manager:1.4:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Steven Seeley of Source Incite"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA client-side remote code execution vulnerability exists in Hanwha Techwin Smart Security Manager (SSM) versions 1.32 and 1.4, due to improper restrictions on the PUT method exposed by the bundled Apache ActiveMQ instance (running on port 8161). An attacker can exploit this flaw through a Cross-Origin Resource Sharing (CORS) bypass combined with JavaScript-triggered file uploads to the web server, ultimately resulting in arbitrary code execution with SYSTEM privileges. \u003cbr\u003e\u003cbr\u003eThis vulnerability bypasses the server-side mitigations introduced in ZDI-15-156 and ZDI-16-481 by shifting the exploitation to the client-side. \u003cbr\u003e\u003cbr\u003eThis product is now referred to as\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHanwha \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWisenet SSM and it is unknown if current versions are affected.\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "A client-side remote code execution vulnerability exists in Hanwha Techwin Smart Security Manager (SSM) versions 1.32 and 1.4, due to improper restrictions on the PUT method exposed by the bundled Apache ActiveMQ instance (running on port 8161). An attacker can exploit this flaw through a Cross-Origin Resource Sharing (CORS) bypass combined with JavaScript-triggered file uploads to the web server, ultimately resulting in arbitrary code execution with SYSTEM privileges. \n\nThis vulnerability bypasses the server-side mitigations introduced in ZDI-15-156 and ZDI-16-481 by shifting the exploitation to the client-side. \n\nThis product is now referred to as\u00a0Hanwha Wisenet SSM and it is unknown if current versions are affected."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-21T14:07:12.496Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/browser/samsung_security_manager_put.rb"
},
{
"tags": [
"third-party-advisory"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-156/"
},
{
"tags": [
"third-party-advisory"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-481/"
},
{
"tags": [
"patch"
],
"url": "https://web.archive.org/web/20160518205411/http://security.hanwhatechwin.com/product/product_view.asp?idx=6779#FL080000"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://srcincite.io/advisories/src-2016-0032/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/samsung-security-manager-activemq-file-upload-rce"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Hanwha Techwin SSM 1.32 \u0026 1.4 ActiveMQ File Upload RCE",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2016-15046",
"datePublished": "2025-07-25T15:53:44.379Z",
"dateReserved": "2025-07-23T21:05:30.354Z",
"dateUpdated": "2025-11-21T14:07:12.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2016-15046 (GCVE-0-2016-15046)
Vulnerability from nvd – Published: 2025-07-25 15:53 – Updated: 2025-11-21 14:07
VLAI
Title
Hanwha Techwin SSM 1.32 & 1.4 ActiveMQ File Upload RCE
Summary
A client-side remote code execution vulnerability exists in Hanwha Techwin Smart Security Manager (SSM) versions 1.32 and 1.4, due to improper restrictions on the PUT method exposed by the bundled Apache ActiveMQ instance (running on port 8161). An attacker can exploit this flaw through a Cross-Origin Resource Sharing (CORS) bypass combined with JavaScript-triggered file uploads to the web server, ultimately resulting in arbitrary code execution with SYSTEM privileges.
This vulnerability bypasses the server-side mitigations introduced in ZDI-15-156 and ZDI-16-481 by shifting the exploitation to the client-side.
This product is now referred to as Hanwha Wisenet SSM and it is unknown if current versions are affected.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://raw.githubusercontent.com/rapid7/metasplo… | exploit |
| http://www.zerodayinitiative.com/advisories/ZDI-15-156/ | third-party-advisory |
| http://www.zerodayinitiative.com/advisories/ZDI-16-481/ | third-party-advisory |
| https://web.archive.org/web/20160518205411/http:/… | patch |
| https://srcincite.io/advisories/src-2016-0032/ | third-party-advisory |
| https://www.vulncheck.com/advisories/samsung-secu… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hanwha | Smart Security Manager (SSM) |
Affected:
1.32
Affected: 1.4 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-15046",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-30T15:22:08.519649Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T15:22:20.361Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/browser/samsung_security_manager_put.rb"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"ActiveMQ Broker Service"
],
"product": "Smart Security Manager (SSM)",
"vendor": "Hanwha",
"versions": [
{
"status": "affected",
"version": "1.32"
},
{
"status": "affected",
"version": "1.4"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hanwha-security:smart_security_manager:1.32:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hanwha-security:smart_security_manager:1.4:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Steven Seeley of Source Incite"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA client-side remote code execution vulnerability exists in Hanwha Techwin Smart Security Manager (SSM) versions 1.32 and 1.4, due to improper restrictions on the PUT method exposed by the bundled Apache ActiveMQ instance (running on port 8161). An attacker can exploit this flaw through a Cross-Origin Resource Sharing (CORS) bypass combined with JavaScript-triggered file uploads to the web server, ultimately resulting in arbitrary code execution with SYSTEM privileges. \u003cbr\u003e\u003cbr\u003eThis vulnerability bypasses the server-side mitigations introduced in ZDI-15-156 and ZDI-16-481 by shifting the exploitation to the client-side. \u003cbr\u003e\u003cbr\u003eThis product is now referred to as\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHanwha \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWisenet SSM and it is unknown if current versions are affected.\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "A client-side remote code execution vulnerability exists in Hanwha Techwin Smart Security Manager (SSM) versions 1.32 and 1.4, due to improper restrictions on the PUT method exposed by the bundled Apache ActiveMQ instance (running on port 8161). An attacker can exploit this flaw through a Cross-Origin Resource Sharing (CORS) bypass combined with JavaScript-triggered file uploads to the web server, ultimately resulting in arbitrary code execution with SYSTEM privileges. \n\nThis vulnerability bypasses the server-side mitigations introduced in ZDI-15-156 and ZDI-16-481 by shifting the exploitation to the client-side. \n\nThis product is now referred to as\u00a0Hanwha Wisenet SSM and it is unknown if current versions are affected."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-21T14:07:12.496Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/browser/samsung_security_manager_put.rb"
},
{
"tags": [
"third-party-advisory"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-156/"
},
{
"tags": [
"third-party-advisory"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-481/"
},
{
"tags": [
"patch"
],
"url": "https://web.archive.org/web/20160518205411/http://security.hanwhatechwin.com/product/product_view.asp?idx=6779#FL080000"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://srcincite.io/advisories/src-2016-0032/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/samsung-security-manager-activemq-file-upload-rce"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Hanwha Techwin SSM 1.32 \u0026 1.4 ActiveMQ File Upload RCE",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2016-15046",
"datePublished": "2025-07-25T15:53:44.379Z",
"dateReserved": "2025-07-23T21:05:30.354Z",
"dateUpdated": "2025-11-21T14:07:12.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
VAR-201601-0417
Vulnerability from variot - Updated: 2024-02-13 22:39Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to read arbitrary files via a request to an unspecified PHP script. The Samsung SRN-1670D camera contains multiple vulnerabilities. SamsungSRN-1670D is a network video recorder product from Samsung. An arbitrary file-read vulnerability 2. An information-disclosure vulnerability 3
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201601-0417",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "web viewer",
"scope": "lte",
"trust": 1.0,
"vendor": "samsung",
"version": "1.0.0.193"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hanwha",
"version": null
},
{
"model": "web viewer",
"scope": "eq",
"trust": 0.8,
"vendor": "samsung",
"version": "0"
},
{
"model": "web viewer",
"scope": "eq",
"trust": 0.8,
"vendor": "samsung",
"version": "date created 2013.10.26"
},
{
"model": "web viewer",
"scope": "eq",
"trust": 0.8,
"vendor": "samsung",
"version": "version 1"
},
{
"model": "web viewer",
"scope": "eq",
"trust": 0.8,
"vendor": "samsung",
"version": "193"
},
{
"model": "srn-1670d",
"scope": null,
"trust": 0.6,
"vendor": "samsung",
"version": null
},
{
"model": "web viewer",
"scope": "eq",
"trust": 0.6,
"vendor": "samsung",
"version": "1.0.0.193"
},
{
"model": "srn-1670d",
"scope": "eq",
"trust": 0.3,
"vendor": "samsung",
"version": "1.0.0.193"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#913000"
},
{
"db": "CNVD",
"id": "CNVD-2016-00247"
},
{
"db": "BID",
"id": "80381"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006814"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-231"
},
{
"db": "NVD",
"id": "CVE-2015-8279"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:samsung:web_viewer:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.0.193",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-8279"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aristide Fattori, Luca Giancane and Roberto Paleari",
"sources": [
{
"db": "BID",
"id": "80381"
}
],
"trust": 0.3
},
"cve": "CVE-2015-8279",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-8279",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-00247",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-8279",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-8279",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-00247",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201601-231",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-8279",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00247"
},
{
"db": "VULMON",
"id": "CVE-2015-8279"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006814"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-231"
},
{
"db": "NVD",
"id": "CVE-2015-8279"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to read arbitrary files via a request to an unspecified PHP script. The Samsung SRN-1670D camera contains multiple vulnerabilities. SamsungSRN-1670D is a network video recorder product from Samsung. An arbitrary file-read vulnerability\n2. An information-disclosure vulnerability\n3",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-8279"
},
{
"db": "CERT/CC",
"id": "VU#913000"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006814"
},
{
"db": "CNVD",
"id": "CNVD-2016-00247"
},
{
"db": "BID",
"id": "80381"
},
{
"db": "VULMON",
"id": "CVE-2015-8279"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#913000",
"trust": 4.2
},
{
"db": "NVD",
"id": "CVE-2015-8279",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVNVU97593732",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006814",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2016-00247",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201601-231",
"trust": 0.6
},
{
"db": "BID",
"id": "80381",
"trust": 0.3
},
{
"db": "VULMON",
"id": "CVE-2015-8279",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#913000"
},
{
"db": "CNVD",
"id": "CNVD-2016-00247"
},
{
"db": "VULMON",
"id": "CVE-2015-8279"
},
{
"db": "BID",
"id": "80381"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006814"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-231"
},
{
"db": "NVD",
"id": "CVE-2015-8279"
}
]
},
"id": "VAR-201601-0417",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00247"
}
],
"trust": 1.5
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00247"
}
]
},
"last_update_date": "2024-02-13T22:39:02.302000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SRN-1670D",
"trust": 0.8,
"url": "http://www.samsungsecurity.com/product/product_view.asp?idx=6583"
},
{
"title": "CVE-2017-16524",
"trust": 0.1,
"url": "https://github.com/realistic-security/cve-2017-16524 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-8279"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006814"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006814"
},
{
"db": "NVD",
"id": "CVE-2015-8279"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "https://www.kb.cert.org/vuls/id/913000"
},
{
"trust": 1.4,
"url": "http://blog.emaze.net/2016/01/multiple-vulnerabilities-samsung-srn.html"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8279"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu97593732/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8279"
},
{
"trust": 0.3,
"url": "http://www.samsung.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/264.html"
},
{
"trust": 0.1,
"url": "https://github.com/realistic-security/cve-2017-16524"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#913000"
},
{
"db": "CNVD",
"id": "CNVD-2016-00247"
},
{
"db": "VULMON",
"id": "CVE-2015-8279"
},
{
"db": "BID",
"id": "80381"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006814"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-231"
},
{
"db": "NVD",
"id": "CVE-2015-8279"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#913000"
},
{
"db": "CNVD",
"id": "CNVD-2016-00247"
},
{
"db": "VULMON",
"id": "CVE-2015-8279"
},
{
"db": "BID",
"id": "80381"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006814"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-231"
},
{
"db": "NVD",
"id": "CVE-2015-8279"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-01-12T00:00:00",
"db": "CERT/CC",
"id": "VU#913000"
},
{
"date": "2016-01-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00247"
},
{
"date": "2016-01-15T00:00:00",
"db": "VULMON",
"id": "CVE-2015-8279"
},
{
"date": "2016-01-12T00:00:00",
"db": "BID",
"id": "80381"
},
{
"date": "2016-01-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006814"
},
{
"date": "2016-01-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201601-231"
},
{
"date": "2016-01-15T03:59:10.763000",
"db": "NVD",
"id": "CVE-2015-8279"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-01-25T00:00:00",
"db": "CERT/CC",
"id": "VU#913000"
},
{
"date": "2016-01-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00247"
},
{
"date": "2016-01-20T00:00:00",
"db": "VULMON",
"id": "CVE-2015-8279"
},
{
"date": "2016-01-12T00:00:00",
"db": "BID",
"id": "80381"
},
{
"date": "2016-01-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006814"
},
{
"date": "2016-01-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201601-231"
},
{
"date": "2016-01-20T19:53:17.820000",
"db": "NVD",
"id": "CVE-2015-8279"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201601-231"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Samsung SRN-1670D camera contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#913000"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201601-231"
}
],
"trust": 0.6
}
}
VAR-201803-1771
Vulnerability from variot - Updated: 2023-12-18 14:05Unsecured way of firmware update in Hanwha Techwin Smartcams. Hanwha Techwin Smartcam Authentication firmware contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HanwhaTechwinSmartcam is a series of security surveillance cameras based on cloud services. There is currently no detailed vulnerability description. Hanwha Techwin Smartcams is a cloud-based security monitoring device from Hanwha Korea. There is a security flaw in Hanwha Techwin Smartcams
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-1771",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "snh-v6410pn",
"scope": "eq",
"trust": 1.6,
"vendor": "hanwha security",
"version": null
},
{
"model": "snh-v6410pnw",
"scope": "eq",
"trust": 1.6,
"vendor": "hanwha security",
"version": null
},
{
"model": "snh-v6410pn",
"scope": null,
"trust": 0.8,
"vendor": "hanwha techwin",
"version": null
},
{
"model": "snh-v6410pnw",
"scope": null,
"trust": 0.8,
"vendor": "hanwha techwin",
"version": null
},
{
"model": "techwin smartcams",
"scope": null,
"trust": 0.6,
"vendor": "hanwha",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07060"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002842"
},
{
"db": "NVD",
"id": "CVE-2018-6294"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-391"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hanwha-security:snh-v6410pn_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hanwha-security:snh-v6410pn:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hanwha-security:snh-v6410pnw_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hanwha-security:snh-v6410pnw:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6294"
}
]
},
"cve": "CVE-2018-6294",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-6294",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-07060",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-136326",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-6294",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-6294",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-07060",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-391",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-136326",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07060"
},
{
"db": "VULHUB",
"id": "VHN-136326"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002842"
},
{
"db": "NVD",
"id": "CVE-2018-6294"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-391"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unsecured way of firmware update in Hanwha Techwin Smartcams. Hanwha Techwin Smartcam Authentication firmware contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HanwhaTechwinSmartcam is a series of security surveillance cameras based on cloud services. There is currently no detailed vulnerability description. Hanwha Techwin Smartcams is a cloud-based security monitoring device from Hanwha Korea. There is a security flaw in Hanwha Techwin Smartcams",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6294"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002842"
},
{
"db": "CNVD",
"id": "CNVD-2018-07060"
},
{
"db": "VULHUB",
"id": "VHN-136326"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-6294",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002842",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-07060",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201803-391",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-136326",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07060"
},
{
"db": "VULHUB",
"id": "VHN-136326"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002842"
},
{
"db": "NVD",
"id": "CVE-2018-6294"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-391"
}
]
},
"id": "VAR-201803-1771",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07060"
},
{
"db": "VULHUB",
"id": "VHN-136326"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07060"
}
]
},
"last_update_date": "2023-12-18T14:05:29.774000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SNH-V6410PN/PNW",
"trust": 0.8,
"url": "https://www.hanwha-security.eu/home-security-products/snh-v6410pn/"
},
{
"title": "HanwhaTechwinSmartcam Unsafe Firmware Update Method Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/124841"
},
{
"title": "Hanwha Techwin Smartcams Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79086"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07060"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002842"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-391"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136326"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002842"
},
{
"db": "NVD",
"id": "CVE-2018-6294"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6294"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6294"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07060"
},
{
"db": "VULHUB",
"id": "VHN-136326"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002842"
},
{
"db": "NVD",
"id": "CVE-2018-6294"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-391"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-07060"
},
{
"db": "VULHUB",
"id": "VHN-136326"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002842"
},
{
"db": "NVD",
"id": "CVE-2018-6294"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-391"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-07060"
},
{
"date": "2018-03-13T00:00:00",
"db": "VULHUB",
"id": "VHN-136326"
},
{
"date": "2018-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002842"
},
{
"date": "2018-03-13T17:29:00.327000",
"db": "NVD",
"id": "CVE-2018-6294"
},
{
"date": "2018-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-391"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-07060"
},
{
"date": "2018-04-09T00:00:00",
"db": "VULHUB",
"id": "VHN-136326"
},
{
"date": "2018-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002842"
},
{
"date": "2018-04-09T12:48:03.020000",
"db": "NVD",
"id": "CVE-2018-6294"
},
{
"date": "2018-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-391"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-391"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hanwha Techwin Smartcam Vulnerabilities related to authentication in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002842"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-391"
}
],
"trust": 0.6
}
}
VAR-201904-0588
Vulnerability from variot - Updated: 2023-12-18 14:00Hanwha Techwin SRN-4000, SRN-4000 firmware versions prior to SRN4000_v2.16_170401, A specially crafted http request and response could allow an attacker to gain access to the device management page with admin privileges without proper authentication. Hanwha Techwin SRN-4000 The firmware contains a vulnerability related to access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HanwhaTechwinSRN-4000 is a network video recorder from Hanwha Techwin, Korea. A remote command execution vulnerability exists in versions of SRN-4000 firmware prior to SRN4000_v2.16_170401. The vulnerability could be exploited by a remote attacker to gain access to the Web Administration Portal with administrator privileges. Hanwha Techwin SRN-4000 is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass security restrictions to perform unauthorized actions; this may aid in launching further attacks. Hanwha Techwin SRN-4000 SRN4000_v2.16_170401 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201904-0588",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "srn-4000",
"scope": "lt",
"trust": 1.0,
"vendor": "hanwhasecurity",
"version": "2.16_170401"
},
{
"model": "srn-4000",
"scope": "lt",
"trust": 0.8,
"vendor": "hanwha techwin",
"version": "2.16_170401"
},
{
"model": "techwin srn-4000 \u003cv2.16 170401",
"scope": null,
"trust": 0.6,
"vendor": "hanwha",
"version": null
},
{
"model": "techwin srn-4000 srn4000 v2.16 170401",
"scope": null,
"trust": 0.3,
"vendor": "hanwha",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "srn 4000",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "cc18fdb9-be18-4a32-b904-acc2d474102d"
},
{
"db": "CNVD",
"id": "CNVD-2017-07300"
},
{
"db": "BID",
"id": "98488"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014422"
},
{
"db": "NVD",
"id": "CVE-2017-7912"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hanwhasecurity:srn-4000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.16_170401",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hanwhasecurity:srn-4000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-7912"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Can Demirel and Faruk Unal of Biznet Bilisim.",
"sources": [
{
"db": "BID",
"id": "98488"
}
],
"trust": 0.3
},
"cve": "CVE-2017-7912",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-7912",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-07300",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "cc18fdb9-be18-4a32-b904-acc2d474102d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-7912",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-7912",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2017-07300",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201705-767",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "cc18fdb9-be18-4a32-b904-acc2d474102d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2017-7912",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "cc18fdb9-be18-4a32-b904-acc2d474102d"
},
{
"db": "CNVD",
"id": "CNVD-2017-07300"
},
{
"db": "VULMON",
"id": "CVE-2017-7912"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014422"
},
{
"db": "NVD",
"id": "CVE-2017-7912"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-767"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hanwha Techwin SRN-4000, SRN-4000 firmware versions prior to SRN4000_v2.16_170401, A specially crafted http request and response could allow an attacker to gain access to the device management page with admin privileges without proper authentication. Hanwha Techwin SRN-4000 The firmware contains a vulnerability related to access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HanwhaTechwinSRN-4000 is a network video recorder from Hanwha Techwin, Korea. A remote command execution vulnerability exists in versions of SRN-4000 firmware prior to SRN4000_v2.16_170401. The vulnerability could be exploited by a remote attacker to gain access to the Web Administration Portal with administrator privileges. Hanwha Techwin SRN-4000 is prone to a security-bypass vulnerability. \nAttackers can exploit this issue to bypass security restrictions to perform unauthorized actions; this may aid in launching further attacks. \nHanwha Techwin SRN-4000 SRN4000_v2.16_170401 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-7912"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014422"
},
{
"db": "CNVD",
"id": "CNVD-2017-07300"
},
{
"db": "BID",
"id": "98488"
},
{
"db": "IVD",
"id": "cc18fdb9-be18-4a32-b904-acc2d474102d"
},
{
"db": "VULMON",
"id": "CVE-2017-7912"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-7912",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-17-136-03",
"trust": 3.4
},
{
"db": "CNVD",
"id": "CNVD-2017-07300",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201705-767",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014422",
"trust": 0.8
},
{
"db": "BID",
"id": "98488",
"trust": 0.4
},
{
"db": "IVD",
"id": "CC18FDB9-BE18-4A32-B904-ACC2D474102D",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2017-7912",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "cc18fdb9-be18-4a32-b904-acc2d474102d"
},
{
"db": "CNVD",
"id": "CNVD-2017-07300"
},
{
"db": "VULMON",
"id": "CVE-2017-7912"
},
{
"db": "BID",
"id": "98488"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014422"
},
{
"db": "NVD",
"id": "CVE-2017-7912"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-767"
}
]
},
"id": "VAR-201904-0588",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "cc18fdb9-be18-4a32-b904-acc2d474102d"
},
{
"db": "CNVD",
"id": "CNVD-2017-07300"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "cc18fdb9-be18-4a32-b904-acc2d474102d"
},
{
"db": "CNVD",
"id": "CNVD-2017-07300"
}
]
},
"last_update_date": "2023-12-18T14:00:59.094000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SRN-4000",
"trust": 0.8,
"url": "https://www.hanwhasecurity.com/srn-4000.html"
},
{
"title": "HanwhaTechwinSRN-4000 Remote Command Execution Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/94226"
},
{
"title": "Hanwha Techwin SRN-4000 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70338"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07300"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014422"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-767"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014422"
},
{
"db": "NVD",
"id": "CVE-2017-7912"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-136-03"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7912"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7912"
},
{
"trust": 0.3,
"url": "http://www.hanwha-security.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/98488"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07300"
},
{
"db": "VULMON",
"id": "CVE-2017-7912"
},
{
"db": "BID",
"id": "98488"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014422"
},
{
"db": "NVD",
"id": "CVE-2017-7912"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-767"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "cc18fdb9-be18-4a32-b904-acc2d474102d"
},
{
"db": "CNVD",
"id": "CNVD-2017-07300"
},
{
"db": "VULMON",
"id": "CVE-2017-7912"
},
{
"db": "BID",
"id": "98488"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014422"
},
{
"db": "NVD",
"id": "CVE-2017-7912"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-767"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-24T00:00:00",
"db": "IVD",
"id": "cc18fdb9-be18-4a32-b904-acc2d474102d"
},
{
"date": "2017-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07300"
},
{
"date": "2019-04-08T00:00:00",
"db": "VULMON",
"id": "CVE-2017-7912"
},
{
"date": "2017-05-16T00:00:00",
"db": "BID",
"id": "98488"
},
{
"date": "2019-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014422"
},
{
"date": "2019-04-08T15:29:00.263000",
"db": "NVD",
"id": "CVE-2017-7912"
},
{
"date": "2017-05-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-767"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07300"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2017-7912"
},
{
"date": "2017-05-16T00:00:00",
"db": "BID",
"id": "98488"
},
{
"date": "2019-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014422"
},
{
"date": "2019-10-09T23:29:56.827000",
"db": "NVD",
"id": "CVE-2017-7912"
},
{
"date": "2019-10-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-767"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-767"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hanwha Techwin SRN-4000 Remote Command Execution Vulnerability",
"sources": [
{
"db": "IVD",
"id": "cc18fdb9-be18-4a32-b904-acc2d474102d"
},
{
"db": "CNVD",
"id": "CNVD-2017-07300"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-767"
}
],
"trust": 0.6
}
}
VAR-201803-1773
Vulnerability from variot - Updated: 2023-12-18 13:57An undocumented (hidden) capability for switching the web interface in Hanwha Techwin Smartcams. Hanwha Techwin Smartcam Contains an access control vulnerability.Information may be altered. HanwhaTechwinSmartcam is a series of security surveillance cameras based on cloud services. Hanwha Techwin Smartcams is a cloud-based security monitoring device from Hanwha Korea. There is a security flaw in Hanwha Techwin Smartcams
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-1773",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "snh-v6410pn",
"scope": "eq",
"trust": 1.6,
"vendor": "hanwha security",
"version": null
},
{
"model": "snh-v6410pnw",
"scope": "eq",
"trust": 1.6,
"vendor": "hanwha security",
"version": null
},
{
"model": "snh-v6410pn",
"scope": null,
"trust": 0.8,
"vendor": "hanwha techwin",
"version": null
},
{
"model": "snh-v6410pnw",
"scope": null,
"trust": 0.8,
"vendor": "hanwha techwin",
"version": null
},
{
"model": "techwin smartcams",
"scope": null,
"trust": 0.6,
"vendor": "hanwha",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07061"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002844"
},
{
"db": "NVD",
"id": "CVE-2018-6296"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-389"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hanwha-security:snh-v6410pn_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hanwha-security:snh-v6410pn:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hanwha-security:snh-v6410pnw_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hanwha-security:snh-v6410pnw:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6296"
}
]
},
"cve": "CVE-2018-6296",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-6296",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-07061",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-136328",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-6296",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-6296",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-07061",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-389",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-136328",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07061"
},
{
"db": "VULHUB",
"id": "VHN-136328"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002844"
},
{
"db": "NVD",
"id": "CVE-2018-6296"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-389"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An undocumented (hidden) capability for switching the web interface in Hanwha Techwin Smartcams. Hanwha Techwin Smartcam Contains an access control vulnerability.Information may be altered. HanwhaTechwinSmartcam is a series of security surveillance cameras based on cloud services. Hanwha Techwin Smartcams is a cloud-based security monitoring device from Hanwha Korea. There is a security flaw in Hanwha Techwin Smartcams",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6296"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002844"
},
{
"db": "CNVD",
"id": "CNVD-2018-07061"
},
{
"db": "VULHUB",
"id": "VHN-136328"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-6296",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002844",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201803-389",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-07061",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-136328",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07061"
},
{
"db": "VULHUB",
"id": "VHN-136328"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002844"
},
{
"db": "NVD",
"id": "CVE-2018-6296"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-389"
}
]
},
"id": "VAR-201803-1773",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07061"
},
{
"db": "VULHUB",
"id": "VHN-136328"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07061"
}
]
},
"last_update_date": "2023-12-18T13:57:05.720000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SNH-V6410PN/PNW",
"trust": 0.8,
"url": "https://www.hanwha-security.eu/home-security-products/snh-v6410pn/"
},
{
"title": "HanwhaTechwinSmartcamweb interface to switch patches for hidden feature vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/124839"
},
{
"title": "Hanwha Techwin Smartcams Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79084"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07061"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002844"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-389"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136328"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002844"
},
{
"db": "NVD",
"id": "CVE-2018-6296"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6296"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6296"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07061"
},
{
"db": "VULHUB",
"id": "VHN-136328"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002844"
},
{
"db": "NVD",
"id": "CVE-2018-6296"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-389"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-07061"
},
{
"db": "VULHUB",
"id": "VHN-136328"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002844"
},
{
"db": "NVD",
"id": "CVE-2018-6296"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-389"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-07061"
},
{
"date": "2018-03-13T00:00:00",
"db": "VULHUB",
"id": "VHN-136328"
},
{
"date": "2018-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002844"
},
{
"date": "2018-03-13T17:29:00.437000",
"db": "NVD",
"id": "CVE-2018-6296"
},
{
"date": "2018-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-389"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-07061"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-136328"
},
{
"date": "2018-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002844"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-6296"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-389"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-389"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hanwha Techwin Smartcam Vulnerabilities in access control in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002844"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-389"
}
],
"trust": 0.6
}
}
VAR-201702-0687
Vulnerability from variot - Updated: 2023-12-18 13:53An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Cross Site Request Forgery vulnerabilities have been identified. The flaws exist within the Redis and Apache Felix Gogo servers that are installed as part of this product. By issuing specific HTTP Post requests, an attacker can gain system level access to a remote shell session. Smart Security Manager Versions 1.5 and prior are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution. Exploiting these issues may allow a remote attacker to perform certain unauthorized actions and obtain sensitive information. Other attacks are also possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0687",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smart security manager",
"scope": "lte",
"trust": 1.0,
"vendor": "hanwha security",
"version": "1.5"
},
{
"model": "smart security manager",
"scope": "lte",
"trust": 0.8,
"vendor": "hanwha techwin",
"version": "1.5"
},
{
"model": "techwin smart security manager",
"scope": "lte",
"trust": 0.6,
"vendor": "hanwha",
"version": "\u003c=1.5"
},
{
"model": "smart security manager",
"scope": "eq",
"trust": 0.6,
"vendor": "hanwha techwin",
"version": "1.5"
},
{
"model": "techwin smart security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hanwha",
"version": "1.5"
},
{
"model": "techwin smart security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hanwha",
"version": "1.4"
},
{
"model": "techwin smart security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hanwha",
"version": "1.31"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "smart security manager",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "bf78bcad-0c38-477a-b8ac-ff7d1ca7667e"
},
{
"db": "CNVD",
"id": "CNVD-2017-01643"
},
{
"db": "BID",
"id": "96147"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001711"
},
{
"db": "NVD",
"id": "CVE-2017-5169"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-460"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hanwha-security:smart_security_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.5",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5169"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Steven Seeley of Source Incite.",
"sources": [
{
"db": "BID",
"id": "96147"
}
],
"trust": 0.3
},
"cve": "CVE-2017-5169",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-5169",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CNVD-2017-01643",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "bf78bcad-0c38-477a-b8ac-ff7d1ca7667e",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-5169",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-5169",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-01643",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-460",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "bf78bcad-0c38-477a-b8ac-ff7d1ca7667e",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "bf78bcad-0c38-477a-b8ac-ff7d1ca7667e"
},
{
"db": "CNVD",
"id": "CNVD-2017-01643"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001711"
},
{
"db": "NVD",
"id": "CVE-2017-5169"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-460"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Cross Site Request Forgery vulnerabilities have been identified. The flaws exist within the Redis and Apache Felix Gogo servers that are installed as part of this product. By issuing specific HTTP Post requests, an attacker can gain system level access to a remote shell session. Smart Security Manager Versions 1.5 and prior are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution. \nExploiting these issues may allow a remote attacker to perform certain unauthorized actions and obtain sensitive information. Other attacks are also possible",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5169"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001711"
},
{
"db": "CNVD",
"id": "CNVD-2017-01643"
},
{
"db": "BID",
"id": "96147"
},
{
"db": "IVD",
"id": "bf78bcad-0c38-477a-b8ac-ff7d1ca7667e"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5169",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-17-040-01",
"trust": 3.3
},
{
"db": "BID",
"id": "96147",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2017-01643",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201702-460",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001711",
"trust": 0.8
},
{
"db": "IVD",
"id": "BF78BCAD-0C38-477A-B8AC-FF7D1CA7667E",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "bf78bcad-0c38-477a-b8ac-ff7d1ca7667e"
},
{
"db": "CNVD",
"id": "CNVD-2017-01643"
},
{
"db": "BID",
"id": "96147"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001711"
},
{
"db": "NVD",
"id": "CVE-2017-5169"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-460"
}
]
},
"id": "VAR-201702-0687",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "bf78bcad-0c38-477a-b8ac-ff7d1ca7667e"
},
{
"db": "CNVD",
"id": "CNVD-2017-01643"
}
],
"trust": 1.4
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "bf78bcad-0c38-477a-b8ac-ff7d1ca7667e"
},
{
"db": "CNVD",
"id": "CNVD-2017-01643"
}
]
},
"last_update_date": "2023-12-18T13:53:05.473000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSM(Smart Security Manager)",
"trust": 0.8,
"url": "http://www.hanwha-security.com/prod/info.do?menucd=mn000185\u0026catg1=mc000087\u0026catg2=mc000089\u0026catg3=\u0026mdlcd=mc000825"
},
{
"title": "Patch for Hanwha Techwin Smart Security Manager cross-site request forgery vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/89533"
},
{
"title": "Hanwha Techwin Smart Security Manager Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=67751"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01643"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001711"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-460"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001711"
},
{
"db": "NVD",
"id": "CVE-2017-5169"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-040-01"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/96147"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5169"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-5169"
},
{
"trust": 0.3,
"url": "http://www.hanwha-security.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01643"
},
{
"db": "BID",
"id": "96147"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001711"
},
{
"db": "NVD",
"id": "CVE-2017-5169"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-460"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "bf78bcad-0c38-477a-b8ac-ff7d1ca7667e"
},
{
"db": "CNVD",
"id": "CNVD-2017-01643"
},
{
"db": "BID",
"id": "96147"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001711"
},
{
"db": "NVD",
"id": "CVE-2017-5169"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-460"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-20T00:00:00",
"db": "IVD",
"id": "bf78bcad-0c38-477a-b8ac-ff7d1ca7667e"
},
{
"date": "2017-02-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01643"
},
{
"date": "2017-02-09T00:00:00",
"db": "BID",
"id": "96147"
},
{
"date": "2017-03-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001711"
},
{
"date": "2017-02-13T21:59:03.067000",
"db": "NVD",
"id": "CVE-2017-5169"
},
{
"date": "2017-02-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-460"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01643"
},
{
"date": "2017-03-07T04:01:00",
"db": "BID",
"id": "96147"
},
{
"date": "2017-03-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001711"
},
{
"date": "2021-09-13T12:04:44.103000",
"db": "NVD",
"id": "CVE-2017-5169"
},
{
"date": "2021-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-460"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-460"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hanwha Techwin Smart Security Manager Cross-Site Request Forgery Vulnerability",
"sources": [
{
"db": "IVD",
"id": "bf78bcad-0c38-477a-b8ac-ff7d1ca7667e"
},
{
"db": "CNVD",
"id": "CNVD-2017-01643"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-460"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-460"
}
],
"trust": 0.6
}
}
VAR-201702-0686
Vulnerability from variot - Updated: 2023-12-18 13:53An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Path Traversal vulnerabilities have been identified. The flaws exist within the ActiveMQ Broker service that is installed as part of the product. By issuing specific HTTP requests, if a user visits a malicious page, an attacker can gain access to arbitrary files on the server. Smart Security Manager Versions 1.4 and prior to 1.31 are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution. Exploiting these issues may allow a remote attacker to perform certain unauthorized actions and obtain sensitive information. Other attacks are also possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0686",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smart security manager",
"scope": "lte",
"trust": 1.0,
"vendor": "hanwha security",
"version": "1.5"
},
{
"model": "smart security manager",
"scope": "lte",
"trust": 0.8,
"vendor": "hanwha techwin",
"version": "1.5"
},
{
"model": "techwin smart security manager",
"scope": "lte",
"trust": 0.6,
"vendor": "hanwha",
"version": "\u003c=1.5"
},
{
"model": "smart security manager",
"scope": "eq",
"trust": 0.6,
"vendor": "hanwha techwin",
"version": "1.5"
},
{
"model": "techwin smart security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hanwha",
"version": "1.5"
},
{
"model": "techwin smart security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hanwha",
"version": "1.4"
},
{
"model": "techwin smart security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hanwha",
"version": "1.31"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "smart security manager",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "13e5304e-4192-41e8-9e8e-2b72b96f950e"
},
{
"db": "CNVD",
"id": "CNVD-2017-01645"
},
{
"db": "BID",
"id": "96147"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001710"
},
{
"db": "NVD",
"id": "CVE-2017-5168"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-461"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hanwha-security:smart_security_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.5",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5168"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Steven Seeley of Source Incite.",
"sources": [
{
"db": "BID",
"id": "96147"
}
],
"trust": 0.3
},
"cve": "CVE-2017-5168",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-5168",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CNVD-2017-01645",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "13e5304e-4192-41e8-9e8e-2b72b96f950e",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-5168",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-5168",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-01645",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-461",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "13e5304e-4192-41e8-9e8e-2b72b96f950e",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "13e5304e-4192-41e8-9e8e-2b72b96f950e"
},
{
"db": "CNVD",
"id": "CNVD-2017-01645"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001710"
},
{
"db": "NVD",
"id": "CVE-2017-5168"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-461"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Path Traversal vulnerabilities have been identified. The flaws exist within the ActiveMQ Broker service that is installed as part of the product. By issuing specific HTTP requests, if a user visits a malicious page, an attacker can gain access to arbitrary files on the server. Smart Security Manager Versions 1.4 and prior to 1.31 are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution. \nExploiting these issues may allow a remote attacker to perform certain unauthorized actions and obtain sensitive information. Other attacks are also possible",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5168"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001710"
},
{
"db": "CNVD",
"id": "CNVD-2017-01645"
},
{
"db": "BID",
"id": "96147"
},
{
"db": "IVD",
"id": "13e5304e-4192-41e8-9e8e-2b72b96f950e"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5168",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-17-040-01",
"trust": 2.7
},
{
"db": "BID",
"id": "96147",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2017-01645",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201702-461",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001710",
"trust": 0.8
},
{
"db": "IVD",
"id": "13E5304E-4192-41E8-9E8E-2B72B96F950E",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "13e5304e-4192-41e8-9e8e-2b72b96f950e"
},
{
"db": "CNVD",
"id": "CNVD-2017-01645"
},
{
"db": "BID",
"id": "96147"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001710"
},
{
"db": "NVD",
"id": "CVE-2017-5168"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-461"
}
]
},
"id": "VAR-201702-0686",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "13e5304e-4192-41e8-9e8e-2b72b96f950e"
},
{
"db": "CNVD",
"id": "CNVD-2017-01645"
}
],
"trust": 1.4
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "13e5304e-4192-41e8-9e8e-2b72b96f950e"
},
{
"db": "CNVD",
"id": "CNVD-2017-01645"
}
]
},
"last_update_date": "2023-12-18T13:53:05.439000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSM(Smart Security Manager)",
"trust": 0.8,
"url": "http://www.hanwha-security.com/prod/info.do?menucd=mn000185\u0026catg1=mc000087\u0026catg2=mc000089\u0026catg3=\u0026mdlcd=mc000825"
},
{
"title": "Hanwha Techwin Smart Security Manager privilege escalation vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/89536"
},
{
"title": "Hanwha Techwin Smart Security Manager ActiveMQ Broker Repair of service path traversal vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=67752"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01645"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001710"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-461"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001710"
},
{
"db": "NVD",
"id": "CVE-2017-5168"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-040-01"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/96147"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-5168"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5168"
},
{
"trust": 0.3,
"url": "http://www.hanwha-security.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01645"
},
{
"db": "BID",
"id": "96147"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001710"
},
{
"db": "NVD",
"id": "CVE-2017-5168"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-461"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "13e5304e-4192-41e8-9e8e-2b72b96f950e"
},
{
"db": "CNVD",
"id": "CNVD-2017-01645"
},
{
"db": "BID",
"id": "96147"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001710"
},
{
"db": "NVD",
"id": "CVE-2017-5168"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-461"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-20T00:00:00",
"db": "IVD",
"id": "13e5304e-4192-41e8-9e8e-2b72b96f950e"
},
{
"date": "2017-02-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01645"
},
{
"date": "2017-02-09T00:00:00",
"db": "BID",
"id": "96147"
},
{
"date": "2017-03-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001710"
},
{
"date": "2017-02-13T21:59:03.050000",
"db": "NVD",
"id": "CVE-2017-5168"
},
{
"date": "2017-02-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-461"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01645"
},
{
"date": "2017-03-07T04:01:00",
"db": "BID",
"id": "96147"
},
{
"date": "2017-03-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001710"
},
{
"date": "2021-09-13T12:04:36.983000",
"db": "NVD",
"id": "CVE-2017-5168"
},
{
"date": "2021-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-461"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-461"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hanwha Techwin Smart Security Manager of ActiveMQ Broker Path traversal vulnerability in services",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001710"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Path traversal",
"sources": [
{
"db": "IVD",
"id": "13e5304e-4192-41e8-9e8e-2b72b96f950e"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-461"
}
],
"trust": 0.8
}
}
VAR-201803-1772
Vulnerability from variot - Updated: 2023-12-18 13:52Unencrypted way of remote control and communications in Hanwha Techwin Smartcams. Hanwha Techwin Smartcam There is a cryptographic vulnerability in the firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HanwhaTechwinSmartcam is a series of security surveillance cameras based on cloud services. There are currently no detailed vulnerability descriptions. Hanwha Techwin Smartcams is a cloud-based security monitoring device from Hanwha Korea. There is a security flaw in Hanwha Techwin Smartcams
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-1772",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "snh-v6410pn",
"scope": "eq",
"trust": 1.6,
"vendor": "hanwha security",
"version": null
},
{
"model": "snh-v6410pnw",
"scope": "eq",
"trust": 1.6,
"vendor": "hanwha security",
"version": null
},
{
"model": "snh-v6410pn",
"scope": null,
"trust": 0.8,
"vendor": "hanwha techwin",
"version": null
},
{
"model": "snh-v6410pnw",
"scope": null,
"trust": 0.8,
"vendor": "hanwha techwin",
"version": null
},
{
"model": "techwin smartcams",
"scope": null,
"trust": 0.6,
"vendor": "hanwha",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05231"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002843"
},
{
"db": "NVD",
"id": "CVE-2018-6295"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-390"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hanwha-security:snh-v6410pn_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hanwha-security:snh-v6410pn:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hanwha-security:snh-v6410pnw_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hanwha-security:snh-v6410pnw:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6295"
}
]
},
"cve": "CVE-2018-6295",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-6295",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-05231",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-136327",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-6295",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-6295",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-05231",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-390",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-136327",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-6295",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05231"
},
{
"db": "VULHUB",
"id": "VHN-136327"
},
{
"db": "VULMON",
"id": "CVE-2018-6295"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002843"
},
{
"db": "NVD",
"id": "CVE-2018-6295"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-390"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unencrypted way of remote control and communications in Hanwha Techwin Smartcams. Hanwha Techwin Smartcam There is a cryptographic vulnerability in the firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HanwhaTechwinSmartcam is a series of security surveillance cameras based on cloud services. There are currently no detailed vulnerability descriptions. Hanwha Techwin Smartcams is a cloud-based security monitoring device from Hanwha Korea. There is a security flaw in Hanwha Techwin Smartcams",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6295"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002843"
},
{
"db": "CNVD",
"id": "CNVD-2018-05231"
},
{
"db": "VULHUB",
"id": "VHN-136327"
},
{
"db": "VULMON",
"id": "CVE-2018-6295"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-6295",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002843",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-05231",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201803-390",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-136327",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-6295",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05231"
},
{
"db": "VULHUB",
"id": "VHN-136327"
},
{
"db": "VULMON",
"id": "CVE-2018-6295"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002843"
},
{
"db": "NVD",
"id": "CVE-2018-6295"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-390"
}
]
},
"id": "VAR-201803-1772",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05231"
},
{
"db": "VULHUB",
"id": "VHN-136327"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05231"
}
]
},
"last_update_date": "2023-12-18T13:52:43.527000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SNH-V6410PN/PNW",
"trust": 0.8,
"url": "https://www.hanwha-security.eu/home-security-products/snh-v6410pn/"
},
{
"title": "HanwhaTechwinSmartcam does not encrypt patches for remote control and communication vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/121433"
},
{
"title": "Hanwha Techwin Smartcams Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79085"
},
{
"title": "Securelist",
"trust": 0.1,
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05231"
},
{
"db": "VULMON",
"id": "CVE-2018-6295"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002843"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-390"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-319",
"trust": 1.1
},
{
"problemtype": "CWE-310",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136327"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002843"
},
{
"db": "NVD",
"id": "CVE-2018-6295"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6295"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6295"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/319.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05231"
},
{
"db": "VULHUB",
"id": "VHN-136327"
},
{
"db": "VULMON",
"id": "CVE-2018-6295"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002843"
},
{
"db": "NVD",
"id": "CVE-2018-6295"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-390"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-05231"
},
{
"db": "VULHUB",
"id": "VHN-136327"
},
{
"db": "VULMON",
"id": "CVE-2018-6295"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002843"
},
{
"db": "NVD",
"id": "CVE-2018-6295"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-390"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05231"
},
{
"date": "2018-03-13T00:00:00",
"db": "VULHUB",
"id": "VHN-136327"
},
{
"date": "2018-03-13T00:00:00",
"db": "VULMON",
"id": "CVE-2018-6295"
},
{
"date": "2018-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002843"
},
{
"date": "2018-03-13T17:29:00.373000",
"db": "NVD",
"id": "CVE-2018-6295"
},
{
"date": "2018-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-390"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05231"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-136327"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2018-6295"
},
{
"date": "2018-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002843"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-6295"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-390"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-390"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hanwha Techwin Smartcam Encryption vulnerability in some firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002843"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-390"
}
],
"trust": 0.6
}
}
VAR-201803-1780
Vulnerability from variot - Updated: 2023-12-18 13:43Denial of service by uploading malformed firmware in Hanwha Techwin Smartcams. Hanwha Techwin Smartcam Contains a data processing vulnerability.Denial of service (DoS) May be in a state. HanwhaTechwinSmartcam is a series of security surveillance cameras based on cloud services. Hanwha Techwin Smartcams is a cloud-based security monitoring device from Hanwha Korea. There is a security flaw in Hanwha Techwin Smartcams
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-1780",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "snh-v6410pn",
"scope": "eq",
"trust": 1.6,
"vendor": "hanwha security",
"version": null
},
{
"model": "snh-v6410pnw",
"scope": "eq",
"trust": 1.6,
"vendor": "hanwha security",
"version": null
},
{
"model": "snh-v6410pn",
"scope": null,
"trust": 0.8,
"vendor": "hanwha techwin",
"version": null
},
{
"model": "snh-v6410pnw",
"scope": null,
"trust": 0.8,
"vendor": "hanwha techwin",
"version": null
},
{
"model": "techwin smartcams",
"scope": null,
"trust": 0.6,
"vendor": "hanwha",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05238"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002851"
},
{
"db": "NVD",
"id": "CVE-2018-6303"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-382"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hanwha-security:snh-v6410pn_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hanwha-security:snh-v6410pn:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hanwha-security:snh-v6410pnw_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hanwha-security:snh-v6410pnw:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6303"
}
]
},
"cve": "CVE-2018-6303",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-6303",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-05238",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-136335",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-6303",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-6303",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-05238",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-382",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-136335",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05238"
},
{
"db": "VULHUB",
"id": "VHN-136335"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002851"
},
{
"db": "NVD",
"id": "CVE-2018-6303"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-382"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Denial of service by uploading malformed firmware in Hanwha Techwin Smartcams. Hanwha Techwin Smartcam Contains a data processing vulnerability.Denial of service (DoS) May be in a state. HanwhaTechwinSmartcam is a series of security surveillance cameras based on cloud services. Hanwha Techwin Smartcams is a cloud-based security monitoring device from Hanwha Korea. There is a security flaw in Hanwha Techwin Smartcams",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6303"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002851"
},
{
"db": "CNVD",
"id": "CNVD-2018-05238"
},
{
"db": "VULHUB",
"id": "VHN-136335"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-6303",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002851",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-05238",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201803-382",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-136335",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05238"
},
{
"db": "VULHUB",
"id": "VHN-136335"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002851"
},
{
"db": "NVD",
"id": "CVE-2018-6303"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-382"
}
]
},
"id": "VAR-201803-1780",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05238"
},
{
"db": "VULHUB",
"id": "VHN-136335"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05238"
}
]
},
"last_update_date": "2023-12-18T13:43:47.876000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SNH-V6410PN/PNW",
"trust": 0.8,
"url": "https://www.hanwha-security.eu/home-security-products/snh-v6410pn/"
},
{
"title": "HanwhaTechwinSmartcam denial of service vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/121447"
},
{
"title": "Hanwha Techwin Smartcams Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79077"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05238"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002851"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-382"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-19",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136335"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002851"
},
{
"db": "NVD",
"id": "CVE-2018-6303"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6303"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6303"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05238"
},
{
"db": "VULHUB",
"id": "VHN-136335"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002851"
},
{
"db": "NVD",
"id": "CVE-2018-6303"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-382"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-05238"
},
{
"db": "VULHUB",
"id": "VHN-136335"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002851"
},
{
"db": "NVD",
"id": "CVE-2018-6303"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-382"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05238"
},
{
"date": "2018-03-13T00:00:00",
"db": "VULHUB",
"id": "VHN-136335"
},
{
"date": "2018-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002851"
},
{
"date": "2018-03-13T17:29:00.810000",
"db": "NVD",
"id": "CVE-2018-6303"
},
{
"date": "2018-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-382"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05238"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-136335"
},
{
"date": "2018-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002851"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-6303"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-382"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-382"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hanwha Techwin Smartcam Vulnerabilities in data processing in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002851"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-382"
}
],
"trust": 0.6
}
}
VAR-201803-1776
Vulnerability from variot - Updated: 2023-12-18 13:38Authentication bypass in Hanwha Techwin Smartcams. Hanwha Techwin Smartcam Authentication firmware contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HanwhaTechwinSmartcam is a series of security surveillance cameras based on cloud services. Hanwha Techwin Smartcams is a cloud-based security monitoring device from Hanwha Korea. There is a security flaw in Hanwha Techwin Smartcams
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-1776",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "snh-v6410pn",
"scope": "eq",
"trust": 1.6,
"vendor": "hanwha security",
"version": null
},
{
"model": "snh-v6410pnw",
"scope": "eq",
"trust": 1.6,
"vendor": "hanwha security",
"version": null
},
{
"model": "snh-v6410pn",
"scope": null,
"trust": 0.8,
"vendor": "hanwha techwin",
"version": null
},
{
"model": "snh-v6410pnw",
"scope": null,
"trust": 0.8,
"vendor": "hanwha techwin",
"version": null
},
{
"model": "techwin smartcams",
"scope": null,
"trust": 0.6,
"vendor": "hanwha",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05234"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002847"
},
{
"db": "NVD",
"id": "CVE-2018-6299"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-386"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hanwha-security:snh-v6410pn_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hanwha-security:snh-v6410pn:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hanwha-security:snh-v6410pnw_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hanwha-security:snh-v6410pnw:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6299"
}
]
},
"cve": "CVE-2018-6299",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-6299",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-05234",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-136331",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-6299",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-6299",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-05234",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-386",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-136331",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05234"
},
{
"db": "VULHUB",
"id": "VHN-136331"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002847"
},
{
"db": "NVD",
"id": "CVE-2018-6299"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-386"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Authentication bypass in Hanwha Techwin Smartcams. Hanwha Techwin Smartcam Authentication firmware contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HanwhaTechwinSmartcam is a series of security surveillance cameras based on cloud services. Hanwha Techwin Smartcams is a cloud-based security monitoring device from Hanwha Korea. There is a security flaw in Hanwha Techwin Smartcams",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6299"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002847"
},
{
"db": "CNVD",
"id": "CNVD-2018-05234"
},
{
"db": "VULHUB",
"id": "VHN-136331"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-6299",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002847",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-05234",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201803-386",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-136331",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05234"
},
{
"db": "VULHUB",
"id": "VHN-136331"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002847"
},
{
"db": "NVD",
"id": "CVE-2018-6299"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-386"
}
]
},
"id": "VAR-201803-1776",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05234"
},
{
"db": "VULHUB",
"id": "VHN-136331"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05234"
}
]
},
"last_update_date": "2023-12-18T13:38:42.199000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SNH-V6410PN/PNW",
"trust": 0.8,
"url": "https://www.hanwha-security.eu/home-security-products/snh-v6410pn/"
},
{
"title": "HanwhaTechwinSmartcam certification bypasses the patch for the vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/121439"
},
{
"title": "Hanwha Techwin Smartcams Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79081"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05234"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002847"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-386"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136331"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002847"
},
{
"db": "NVD",
"id": "CVE-2018-6299"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6299"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6299"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05234"
},
{
"db": "VULHUB",
"id": "VHN-136331"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002847"
},
{
"db": "NVD",
"id": "CVE-2018-6299"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-386"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-05234"
},
{
"db": "VULHUB",
"id": "VHN-136331"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002847"
},
{
"db": "NVD",
"id": "CVE-2018-6299"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-386"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05234"
},
{
"date": "2018-03-13T00:00:00",
"db": "VULHUB",
"id": "VHN-136331"
},
{
"date": "2018-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002847"
},
{
"date": "2018-03-13T17:29:00.607000",
"db": "NVD",
"id": "CVE-2018-6299"
},
{
"date": "2018-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-386"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05234"
},
{
"date": "2018-04-09T00:00:00",
"db": "VULHUB",
"id": "VHN-136331"
},
{
"date": "2018-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002847"
},
{
"date": "2018-04-09T13:50:47.247000",
"db": "NVD",
"id": "CVE-2018-6299"
},
{
"date": "2018-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-386"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-386"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hanwha Techwin Smartcam Vulnerabilities related to authentication in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002847"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-386"
}
],
"trust": 0.6
}
}
VAR-201803-1778
Vulnerability from variot - Updated: 2023-12-18 13:33Arbitrary camera access and monitoring via cloud in Hanwha Techwin Smartcams. Hanwha Techwin Smartcam Contains firmware, authorization, authority, and access control vulnerabilities.Information may be obtained. HanwhaTechwinSmartcam is a series of security surveillance cameras based on cloud services. Hanwha Techwin Smartcams is a cloud-based security monitoring device from Hanwha Korea. There is a security flaw in Hanwha Techwin Smartcams
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-1778",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "snh-v6410pn",
"scope": "eq",
"trust": 1.6,
"vendor": "hanwha security",
"version": null
},
{
"model": "snh-v6410pnw",
"scope": "eq",
"trust": 1.6,
"vendor": "hanwha security",
"version": null
},
{
"model": "snh-v6410pn",
"scope": null,
"trust": 0.8,
"vendor": "hanwha techwin",
"version": null
},
{
"model": "snh-v6410pnw",
"scope": null,
"trust": 0.8,
"vendor": "hanwha techwin",
"version": null
},
{
"model": "techwin smartcams",
"scope": null,
"trust": 0.6,
"vendor": "hanwha",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05236"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002849"
},
{
"db": "NVD",
"id": "CVE-2018-6301"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-384"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hanwha-security:snh-v6410pn_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hanwha-security:snh-v6410pn:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hanwha-security:snh-v6410pnw_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hanwha-security:snh-v6410pnw:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6301"
}
]
},
"cve": "CVE-2018-6301",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-6301",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-05236",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-136333",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-6301",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-6301",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-05236",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-384",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-136333",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05236"
},
{
"db": "VULHUB",
"id": "VHN-136333"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002849"
},
{
"db": "NVD",
"id": "CVE-2018-6301"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-384"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Arbitrary camera access and monitoring via cloud in Hanwha Techwin Smartcams. Hanwha Techwin Smartcam Contains firmware, authorization, authority, and access control vulnerabilities.Information may be obtained. HanwhaTechwinSmartcam is a series of security surveillance cameras based on cloud services. Hanwha Techwin Smartcams is a cloud-based security monitoring device from Hanwha Korea. There is a security flaw in Hanwha Techwin Smartcams",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6301"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002849"
},
{
"db": "CNVD",
"id": "CNVD-2018-05236"
},
{
"db": "VULHUB",
"id": "VHN-136333"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-6301",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002849",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-05236",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201803-384",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-136333",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05236"
},
{
"db": "VULHUB",
"id": "VHN-136333"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002849"
},
{
"db": "NVD",
"id": "CVE-2018-6301"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-384"
}
]
},
"id": "VAR-201803-1778",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05236"
},
{
"db": "VULHUB",
"id": "VHN-136333"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05236"
}
]
},
"last_update_date": "2023-12-18T13:33:56.923000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SNH-V6410PN/PNW",
"trust": 0.8,
"url": "https://www.hanwha-security.eu/home-security-products/snh-v6410pn/"
},
{
"title": "HanwhaTechwinSmartcam arbitrarily accesses and monitors vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/121443"
},
{
"title": "Hanwha Techwin Smartcams Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79079"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05236"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002849"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-384"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136333"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002849"
},
{
"db": "NVD",
"id": "CVE-2018-6301"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6301"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6301"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05236"
},
{
"db": "VULHUB",
"id": "VHN-136333"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002849"
},
{
"db": "NVD",
"id": "CVE-2018-6301"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-384"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-05236"
},
{
"db": "VULHUB",
"id": "VHN-136333"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002849"
},
{
"db": "NVD",
"id": "CVE-2018-6301"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-384"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05236"
},
{
"date": "2018-03-13T00:00:00",
"db": "VULHUB",
"id": "VHN-136333"
},
{
"date": "2018-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002849"
},
{
"date": "2018-03-13T17:29:00.700000",
"db": "NVD",
"id": "CVE-2018-6301"
},
{
"date": "2018-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-384"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05236"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-136333"
},
{
"date": "2018-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002849"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-6301"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-384"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-384"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hanwha Techwin Smartcam , Authorization, Access Control Vulnerabilities in Firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002849"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-384"
}
],
"trust": 0.6
}
}
VAR-201803-1777
Vulnerability from variot - Updated: 2023-12-18 13:28Remote password change in Hanwha Techwin Smartcams. Hanwha Techwin Smartcam Vulnerabilities related to certificate and password management exist in the firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HanwhaTechwinSmartcam is a series of security surveillance cameras based on cloud services. Hanwha Techwin Smartcams is a cloud-based security monitoring device from Hanwha Korea. There is a security flaw in Hanwha Techwin Smartcams
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-1777",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "snh-v6410pn",
"scope": "eq",
"trust": 1.6,
"vendor": "hanwha security",
"version": null
},
{
"model": "snh-v6410pnw",
"scope": "eq",
"trust": 1.6,
"vendor": "hanwha security",
"version": null
},
{
"model": "snh-v6410pn",
"scope": null,
"trust": 0.8,
"vendor": "hanwha techwin",
"version": null
},
{
"model": "snh-v6410pnw",
"scope": null,
"trust": 0.8,
"vendor": "hanwha techwin",
"version": null
},
{
"model": "techwin smartcams",
"scope": null,
"trust": 0.6,
"vendor": "hanwha",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05235"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002848"
},
{
"db": "NVD",
"id": "CVE-2018-6300"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-385"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hanwha-security:snh-v6410pn_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hanwha-security:snh-v6410pn:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hanwha-security:snh-v6410pnw_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hanwha-security:snh-v6410pnw:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6300"
}
]
},
"cve": "CVE-2018-6300",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-6300",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-05235",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-136332",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-6300",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-6300",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-05235",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-385",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-136332",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05235"
},
{
"db": "VULHUB",
"id": "VHN-136332"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002848"
},
{
"db": "NVD",
"id": "CVE-2018-6300"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-385"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Remote password change in Hanwha Techwin Smartcams. Hanwha Techwin Smartcam Vulnerabilities related to certificate and password management exist in the firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HanwhaTechwinSmartcam is a series of security surveillance cameras based on cloud services. Hanwha Techwin Smartcams is a cloud-based security monitoring device from Hanwha Korea. There is a security flaw in Hanwha Techwin Smartcams",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6300"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002848"
},
{
"db": "CNVD",
"id": "CNVD-2018-05235"
},
{
"db": "VULHUB",
"id": "VHN-136332"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-6300",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002848",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-05235",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201803-385",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-136332",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05235"
},
{
"db": "VULHUB",
"id": "VHN-136332"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002848"
},
{
"db": "NVD",
"id": "CVE-2018-6300"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-385"
}
]
},
"id": "VAR-201803-1777",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05235"
},
{
"db": "VULHUB",
"id": "VHN-136332"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05235"
}
]
},
"last_update_date": "2023-12-18T13:28:59.111000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SNH-V6410PN/PNW",
"trust": 0.8,
"url": "https://www.hanwha-security.eu/home-security-products/snh-v6410pn/"
},
{
"title": "HanwhaTechwinSmartcam Remote Password Change Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/121441"
},
{
"title": "Hanwha Techwin Smartcams Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79080"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05235"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002848"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-385"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-255",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136332"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002848"
},
{
"db": "NVD",
"id": "CVE-2018-6300"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6300"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6300"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05235"
},
{
"db": "VULHUB",
"id": "VHN-136332"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002848"
},
{
"db": "NVD",
"id": "CVE-2018-6300"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-385"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-05235"
},
{
"db": "VULHUB",
"id": "VHN-136332"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002848"
},
{
"db": "NVD",
"id": "CVE-2018-6300"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-385"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05235"
},
{
"date": "2018-03-13T00:00:00",
"db": "VULHUB",
"id": "VHN-136332"
},
{
"date": "2018-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002848"
},
{
"date": "2018-03-13T17:29:00.653000",
"db": "NVD",
"id": "CVE-2018-6300"
},
{
"date": "2018-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-385"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05235"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-136332"
},
{
"date": "2018-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002848"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-6300"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-385"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-385"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hanwha Techwin Smartcam Vulnerabilities related to certificate and password management",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002848"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-385"
}
],
"trust": 0.6
}
}
VAR-201803-1775
Vulnerability from variot - Updated: 2023-12-18 12:57Remote code execution in Hanwha Techwin Smartcams. Hanwha Techwin Smartcam Contains a vulnerability related to input validation.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HanwhaTechwinSmartcam is a series of security surveillance cameras based on cloud services. Hanwha Techwin Smartcams is a cloud-based security monitoring device from Hanwha Korea. There is a security flaw in Hanwha Techwin Smartcams
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-1775",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "snh-v6410pn",
"scope": "eq",
"trust": 1.6,
"vendor": "hanwha security",
"version": null
},
{
"model": "snh-v6410pnw",
"scope": "eq",
"trust": 1.6,
"vendor": "hanwha security",
"version": null
},
{
"model": "snh-v6410pn",
"scope": null,
"trust": 0.8,
"vendor": "hanwha techwin",
"version": null
},
{
"model": "snh-v6410pnw",
"scope": null,
"trust": 0.8,
"vendor": "hanwha techwin",
"version": null
},
{
"model": "techwin smartcams",
"scope": null,
"trust": 0.6,
"vendor": "hanwha",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05233"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002846"
},
{
"db": "NVD",
"id": "CVE-2018-6298"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-387"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hanwha-security:snh-v6410pn_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hanwha-security:snh-v6410pn:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hanwha-security:snh-v6410pnw_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hanwha-security:snh-v6410pnw:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6298"
}
]
},
"cve": "CVE-2018-6298",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2018-6298",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-05233",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-136330",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-6298",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-6298",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-05233",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-387",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-136330",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-6298",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05233"
},
{
"db": "VULHUB",
"id": "VHN-136330"
},
{
"db": "VULMON",
"id": "CVE-2018-6298"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002846"
},
{
"db": "NVD",
"id": "CVE-2018-6298"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-387"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Remote code execution in Hanwha Techwin Smartcams. Hanwha Techwin Smartcam Contains a vulnerability related to input validation.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HanwhaTechwinSmartcam is a series of security surveillance cameras based on cloud services. Hanwha Techwin Smartcams is a cloud-based security monitoring device from Hanwha Korea. There is a security flaw in Hanwha Techwin Smartcams",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6298"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002846"
},
{
"db": "CNVD",
"id": "CNVD-2018-05233"
},
{
"db": "VULHUB",
"id": "VHN-136330"
},
{
"db": "VULMON",
"id": "CVE-2018-6298"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-6298",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002846",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201803-387",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-05233",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-136330",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-6298",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05233"
},
{
"db": "VULHUB",
"id": "VHN-136330"
},
{
"db": "VULMON",
"id": "CVE-2018-6298"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002846"
},
{
"db": "NVD",
"id": "CVE-2018-6298"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-387"
}
]
},
"id": "VAR-201803-1775",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05233"
},
{
"db": "VULHUB",
"id": "VHN-136330"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05233"
}
]
},
"last_update_date": "2023-12-18T12:57:01.414000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SNH-V6410PN/PNW",
"trust": 0.8,
"url": "https://www.hanwha-security.eu/home-security-products/snh-v6410pn/"
},
{
"title": "HanwhaTechwinSmartcam Remote Code Execution Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/121437"
},
{
"title": "Hanwha Techwin Smartcams Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79082"
},
{
"title": "Securelist",
"trust": 0.1,
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05233"
},
{
"db": "VULMON",
"id": "CVE-2018-6298"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002846"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-387"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136330"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002846"
},
{
"db": "NVD",
"id": "CVE-2018-6298"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6298"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6298"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05233"
},
{
"db": "VULHUB",
"id": "VHN-136330"
},
{
"db": "VULMON",
"id": "CVE-2018-6298"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002846"
},
{
"db": "NVD",
"id": "CVE-2018-6298"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-387"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-05233"
},
{
"db": "VULHUB",
"id": "VHN-136330"
},
{
"db": "VULMON",
"id": "CVE-2018-6298"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002846"
},
{
"db": "NVD",
"id": "CVE-2018-6298"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-387"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05233"
},
{
"date": "2018-03-13T00:00:00",
"db": "VULHUB",
"id": "VHN-136330"
},
{
"date": "2018-03-13T00:00:00",
"db": "VULMON",
"id": "CVE-2018-6298"
},
{
"date": "2018-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002846"
},
{
"date": "2018-03-13T17:29:00.543000",
"db": "NVD",
"id": "CVE-2018-6298"
},
{
"date": "2018-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-387"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05233"
},
{
"date": "2018-04-09T00:00:00",
"db": "VULHUB",
"id": "VHN-136330"
},
{
"date": "2018-04-09T00:00:00",
"db": "VULMON",
"id": "CVE-2018-6298"
},
{
"date": "2018-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002846"
},
{
"date": "2018-04-09T13:50:23.510000",
"db": "NVD",
"id": "CVE-2018-6298"
},
{
"date": "2018-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-387"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-387"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hanwha Techwin Smartcam Vulnerabilities related to input validation in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002846"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-387"
}
],
"trust": 0.6
}
}
VAR-201803-1774
Vulnerability from variot - Updated: 2023-12-18 12:36Buffer overflow in Hanwha Techwin Smartcams. Hanwha Techwin Smartcam Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HanwhaTechwinSmartcam is a series of security surveillance cameras based on cloud services. HanwhaTechwinSmartcam has a buffer overflow vulnerability that can be exploited by an attacker to cause a denial of service. Hanwha Techwin Smartcams is a cloud-based security monitoring device from Hanwha Korea
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-1774",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "snh-v6410pn",
"scope": "eq",
"trust": 1.6,
"vendor": "hanwha security",
"version": null
},
{
"model": "snh-v6410pnw",
"scope": "eq",
"trust": 1.6,
"vendor": "hanwha security",
"version": null
},
{
"model": "snh-v6410pn",
"scope": null,
"trust": 0.8,
"vendor": "hanwha techwin",
"version": null
},
{
"model": "snh-v6410pnw",
"scope": null,
"trust": 0.8,
"vendor": "hanwha techwin",
"version": null
},
{
"model": "techwin smartcams",
"scope": null,
"trust": 0.6,
"vendor": "hanwha",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05232"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002845"
},
{
"db": "NVD",
"id": "CVE-2018-6297"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-388"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hanwha-security:snh-v6410pn_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hanwha-security:snh-v6410pn:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hanwha-security:snh-v6410pnw_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hanwha-security:snh-v6410pnw:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6297"
}
]
},
"cve": "CVE-2018-6297",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-6297",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2018-05232",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-136329",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-6297",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-6297",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-05232",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-388",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-136329",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05232"
},
{
"db": "VULHUB",
"id": "VHN-136329"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002845"
},
{
"db": "NVD",
"id": "CVE-2018-6297"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-388"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in Hanwha Techwin Smartcams. Hanwha Techwin Smartcam Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HanwhaTechwinSmartcam is a series of security surveillance cameras based on cloud services. HanwhaTechwinSmartcam has a buffer overflow vulnerability that can be exploited by an attacker to cause a denial of service. Hanwha Techwin Smartcams is a cloud-based security monitoring device from Hanwha Korea",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6297"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002845"
},
{
"db": "CNVD",
"id": "CNVD-2018-05232"
},
{
"db": "VULHUB",
"id": "VHN-136329"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-6297",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002845",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-05232",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201803-388",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-136329",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05232"
},
{
"db": "VULHUB",
"id": "VHN-136329"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002845"
},
{
"db": "NVD",
"id": "CVE-2018-6297"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-388"
}
]
},
"id": "VAR-201803-1774",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05232"
},
{
"db": "VULHUB",
"id": "VHN-136329"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05232"
}
]
},
"last_update_date": "2023-12-18T12:36:54.215000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SNH-V6410PN/PNW",
"trust": 0.8,
"url": "https://www.hanwha-security.eu/home-security-products/snh-v6410pn/"
},
{
"title": "HanwhaTechwinSmartcam Buffer Overflow Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/121435"
},
{
"title": "Hanwha Techwin Smartcams Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79083"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05232"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002845"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-388"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136329"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002845"
},
{
"db": "NVD",
"id": "CVE-2018-6297"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6297"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6297"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05232"
},
{
"db": "VULHUB",
"id": "VHN-136329"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002845"
},
{
"db": "NVD",
"id": "CVE-2018-6297"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-388"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-05232"
},
{
"db": "VULHUB",
"id": "VHN-136329"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002845"
},
{
"db": "NVD",
"id": "CVE-2018-6297"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-388"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05232"
},
{
"date": "2018-03-13T00:00:00",
"db": "VULHUB",
"id": "VHN-136329"
},
{
"date": "2018-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002845"
},
{
"date": "2018-03-13T17:29:00.483000",
"db": "NVD",
"id": "CVE-2018-6297"
},
{
"date": "2018-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-388"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05232"
},
{
"date": "2018-04-09T00:00:00",
"db": "VULHUB",
"id": "VHN-136329"
},
{
"date": "2018-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002845"
},
{
"date": "2018-04-09T13:46:54.627000",
"db": "NVD",
"id": "CVE-2018-6297"
},
{
"date": "2018-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-388"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-388"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hanwha Techwin Smartcam Buffer error vulnerability in some firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002845"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-388"
}
],
"trust": 0.6
}
}
VAR-201601-0419
Vulnerability from variot - Updated: 2023-12-18 12:30Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows attackers to bypass filesystem encryption via XOR calculations. The Samsung SRN-1670D camera contains multiple vulnerabilities. In addition, JVNVU#97593732 Then CWE-327 It is published as CWE-327: Use of a Broken or Risky Cryptographic Algorithm https://cwe.mitre.org/data/definitions/327.htmlBy the attacker, XOR Through calculation, file system encryption may be avoided. SamsungSRN-1670D is a network video recorder product. The SamsungSRN-1670D uses a weak custom encryption algorithm based on a simple XOR operation that allows a remote attacker to exploit this vulnerability to obtain arbitrary files and user credentials. An arbitrary file-read vulnerability 2. An information-disclosure vulnerability 3. A security weakness Successful exploits can allow attackers to read arbitrary files or perform certain unauthorized actions and gain access to potentially sensitive information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201601-0419",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "web viewer",
"scope": "lte",
"trust": 1.0,
"vendor": "samsung",
"version": "1.0.0.193"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hanwha",
"version": null
},
{
"model": "web viewer",
"scope": "eq",
"trust": 0.8,
"vendor": "samsung",
"version": "0"
},
{
"model": "web viewer",
"scope": "eq",
"trust": 0.8,
"vendor": "samsung",
"version": "date created 2013.10.26"
},
{
"model": "web viewer",
"scope": "eq",
"trust": 0.8,
"vendor": "samsung",
"version": "version 1"
},
{
"model": "web viewer",
"scope": "eq",
"trust": 0.8,
"vendor": "samsung",
"version": "193"
},
{
"model": "srn-1670d",
"scope": null,
"trust": 0.6,
"vendor": "samsung",
"version": null
},
{
"model": "web viewer",
"scope": "eq",
"trust": 0.6,
"vendor": "samsung",
"version": "1.0.0.193"
},
{
"model": "srn-1670d",
"scope": "eq",
"trust": 0.3,
"vendor": "samsung",
"version": "1.0.0.193"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#913000"
},
{
"db": "CNVD",
"id": "CNVD-2016-00273"
},
{
"db": "BID",
"id": "80381"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006816"
},
{
"db": "NVD",
"id": "CVE-2015-8281"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-229"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:samsung:web_viewer:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.0.193",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-8281"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aristide Fattori, Luca Giancane and Roberto Paleari",
"sources": [
{
"db": "BID",
"id": "80381"
}
],
"trust": 0.3
},
"cve": "CVE-2015-8281",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.8,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2015-8281",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-00273",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-8281",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-00273",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201601-229",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00273"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006816"
},
{
"db": "NVD",
"id": "CVE-2015-8281"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-229"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows attackers to bypass filesystem encryption via XOR calculations. The Samsung SRN-1670D camera contains multiple vulnerabilities. In addition, JVNVU#97593732 Then CWE-327 It is published as CWE-327: Use of a Broken or Risky Cryptographic Algorithm https://cwe.mitre.org/data/definitions/327.htmlBy the attacker, XOR Through calculation, file system encryption may be avoided. SamsungSRN-1670D is a network video recorder product. The SamsungSRN-1670D uses a weak custom encryption algorithm based on a simple XOR operation that allows a remote attacker to exploit this vulnerability to obtain arbitrary files and user credentials. An arbitrary file-read vulnerability\n2. An information-disclosure vulnerability\n3. A security weakness\nSuccessful exploits can allow attackers to read arbitrary files or perform certain unauthorized actions and gain access to potentially sensitive information",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-8281"
},
{
"db": "CERT/CC",
"id": "VU#913000"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006816"
},
{
"db": "CNVD",
"id": "CNVD-2016-00273"
},
{
"db": "BID",
"id": "80381"
}
],
"trust": 3.15
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#913000",
"trust": 4.1
},
{
"db": "NVD",
"id": "CVE-2015-8281",
"trust": 3.3
},
{
"db": "JVN",
"id": "JVNVU97593732",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006816",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2016-00273",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201601-229",
"trust": 0.6
},
{
"db": "BID",
"id": "80381",
"trust": 0.3
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#913000"
},
{
"db": "CNVD",
"id": "CNVD-2016-00273"
},
{
"db": "BID",
"id": "80381"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006816"
},
{
"db": "NVD",
"id": "CVE-2015-8281"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-229"
}
]
},
"id": "VAR-201601-0419",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00273"
}
],
"trust": 1.5
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00273"
}
]
},
"last_update_date": "2023-12-18T12:30:09.498000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SRN-1670D",
"trust": 0.8,
"url": "http://www.samsungsecurity.com/product/product_view.asp?idx=6583"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006816"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006816"
},
{
"db": "NVD",
"id": "CVE-2015-8281"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://www.kb.cert.org/vuls/id/913000"
},
{
"trust": 1.4,
"url": "http://blog.emaze.net/2016/01/multiple-vulnerabilities-samsung-srn.html"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8281"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu97593732/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8281"
},
{
"trust": 0.3,
"url": "http://www.samsung.com/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#913000"
},
{
"db": "CNVD",
"id": "CNVD-2016-00273"
},
{
"db": "BID",
"id": "80381"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006816"
},
{
"db": "NVD",
"id": "CVE-2015-8281"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-229"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#913000"
},
{
"db": "CNVD",
"id": "CNVD-2016-00273"
},
{
"db": "BID",
"id": "80381"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006816"
},
{
"db": "NVD",
"id": "CVE-2015-8281"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-229"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-01-12T00:00:00",
"db": "CERT/CC",
"id": "VU#913000"
},
{
"date": "2016-01-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00273"
},
{
"date": "2016-01-12T00:00:00",
"db": "BID",
"id": "80381"
},
{
"date": "2016-01-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006816"
},
{
"date": "2016-01-15T03:59:12.577000",
"db": "NVD",
"id": "CVE-2015-8281"
},
{
"date": "2016-01-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201601-229"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-01-25T00:00:00",
"db": "CERT/CC",
"id": "VU#913000"
},
{
"date": "2016-01-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00273"
},
{
"date": "2016-01-12T00:00:00",
"db": "BID",
"id": "80381"
},
{
"date": "2016-01-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006816"
},
{
"date": "2016-01-20T19:54:07.920000",
"db": "NVD",
"id": "CVE-2015-8281"
},
{
"date": "2016-01-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201601-229"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201601-229"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Samsung SRN-1670D camera contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#913000"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201601-229"
}
],
"trust": 0.6
}
}
VAR-201601-0418
Vulnerability from variot - Updated: 2023-12-18 12:30Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to discover credentials by reading detailed error messages. The Samsung SRN-1670D camera contains multiple vulnerabilities. SamsungSRN-1670D is a network video recorder product. The SamsungSRN-1670D has a security vulnerability that allows remote attackers to obtain certificate information by sending a specially crafted request. An arbitrary file-read vulnerability 2. An information-disclosure vulnerability 3. A security weakness Successful exploits can allow attackers to read arbitrary files or perform certain unauthorized actions and gain access to potentially sensitive information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201601-0418",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "web viewer",
"scope": "lte",
"trust": 1.0,
"vendor": "samsung",
"version": "1.0.0.193"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hanwha",
"version": null
},
{
"model": "web viewer",
"scope": "eq",
"trust": 0.8,
"vendor": "samsung",
"version": "0"
},
{
"model": "web viewer",
"scope": "eq",
"trust": 0.8,
"vendor": "samsung",
"version": "date created 2013.10.26"
},
{
"model": "web viewer",
"scope": "eq",
"trust": 0.8,
"vendor": "samsung",
"version": "version 1"
},
{
"model": "web viewer",
"scope": "eq",
"trust": 0.8,
"vendor": "samsung",
"version": "193"
},
{
"model": "srn-1670d",
"scope": null,
"trust": 0.6,
"vendor": "samsung",
"version": null
},
{
"model": "web viewer",
"scope": "eq",
"trust": 0.6,
"vendor": "samsung",
"version": "1.0.0.193"
},
{
"model": "srn-1670d",
"scope": "eq",
"trust": 0.3,
"vendor": "samsung",
"version": "1.0.0.193"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#913000"
},
{
"db": "CNVD",
"id": "CNVD-2016-00248"
},
{
"db": "BID",
"id": "80381"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006815"
},
{
"db": "NVD",
"id": "CVE-2015-8280"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-230"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:samsung:web_viewer:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.0.193",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-8280"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aristide Fattori, Luca Giancane and Roberto Paleari",
"sources": [
{
"db": "BID",
"id": "80381"
}
],
"trust": 0.3
},
"cve": "CVE-2015-8280",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-8280",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-00248",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-8280",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-8280",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-00248",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201601-230",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-8280",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00248"
},
{
"db": "VULMON",
"id": "CVE-2015-8280"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006815"
},
{
"db": "NVD",
"id": "CVE-2015-8280"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-230"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to discover credentials by reading detailed error messages. The Samsung SRN-1670D camera contains multiple vulnerabilities. SamsungSRN-1670D is a network video recorder product. The SamsungSRN-1670D has a security vulnerability that allows remote attackers to obtain certificate information by sending a specially crafted request. An arbitrary file-read vulnerability\n2. An information-disclosure vulnerability\n3. A security weakness\nSuccessful exploits can allow attackers to read arbitrary files or perform certain unauthorized actions and gain access to potentially sensitive information",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-8280"
},
{
"db": "CERT/CC",
"id": "VU#913000"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006815"
},
{
"db": "CNVD",
"id": "CNVD-2016-00248"
},
{
"db": "BID",
"id": "80381"
},
{
"db": "VULMON",
"id": "CVE-2015-8280"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#913000",
"trust": 4.2
},
{
"db": "NVD",
"id": "CVE-2015-8280",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVNVU97593732",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006815",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2016-00248",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201601-230",
"trust": 0.6
},
{
"db": "BID",
"id": "80381",
"trust": 0.4
},
{
"db": "VULMON",
"id": "CVE-2015-8280",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#913000"
},
{
"db": "CNVD",
"id": "CNVD-2016-00248"
},
{
"db": "VULMON",
"id": "CVE-2015-8280"
},
{
"db": "BID",
"id": "80381"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006815"
},
{
"db": "NVD",
"id": "CVE-2015-8280"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-230"
}
]
},
"id": "VAR-201601-0418",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00248"
}
],
"trust": 1.5
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00248"
}
]
},
"last_update_date": "2023-12-18T12:30:09.463000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SRN-1670D",
"trust": 0.8,
"url": "http://www.samsungsecurity.com/product/product_view.asp?idx=6583"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006815"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006815"
},
{
"db": "NVD",
"id": "CVE-2015-8280"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "https://www.kb.cert.org/vuls/id/913000"
},
{
"trust": 1.4,
"url": "http://blog.emaze.net/2016/01/multiple-vulnerabilities-samsung-srn.html"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8280"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu97593732/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8280"
},
{
"trust": 0.3,
"url": "http://www.samsung.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/80381"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#913000"
},
{
"db": "CNVD",
"id": "CNVD-2016-00248"
},
{
"db": "VULMON",
"id": "CVE-2015-8280"
},
{
"db": "BID",
"id": "80381"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006815"
},
{
"db": "NVD",
"id": "CVE-2015-8280"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-230"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#913000"
},
{
"db": "CNVD",
"id": "CNVD-2016-00248"
},
{
"db": "VULMON",
"id": "CVE-2015-8280"
},
{
"db": "BID",
"id": "80381"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006815"
},
{
"db": "NVD",
"id": "CVE-2015-8280"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-230"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-01-12T00:00:00",
"db": "CERT/CC",
"id": "VU#913000"
},
{
"date": "2016-01-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00248"
},
{
"date": "2016-01-15T00:00:00",
"db": "VULMON",
"id": "CVE-2015-8280"
},
{
"date": "2016-01-12T00:00:00",
"db": "BID",
"id": "80381"
},
{
"date": "2016-01-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006815"
},
{
"date": "2016-01-15T03:59:11.653000",
"db": "NVD",
"id": "CVE-2015-8280"
},
{
"date": "2016-01-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201601-230"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-01-25T00:00:00",
"db": "CERT/CC",
"id": "VU#913000"
},
{
"date": "2016-01-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00248"
},
{
"date": "2016-01-21T00:00:00",
"db": "VULMON",
"id": "CVE-2015-8280"
},
{
"date": "2016-01-12T00:00:00",
"db": "BID",
"id": "80381"
},
{
"date": "2016-01-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006815"
},
{
"date": "2016-01-21T15:13:08.040000",
"db": "NVD",
"id": "CVE-2015-8280"
},
{
"date": "2016-01-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201601-230"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201601-230"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Samsung SRN-1670D camera contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#913000"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201601-230"
}
],
"trust": 0.6
}
}
VAR-201803-1779
Vulnerability from variot - Updated: 2023-12-18 12:29Denial of service by blocking of new camera registration on the cloud server in Hanwha Techwin Smartcams. Hanwha Techwin Smartcam Vulnerabilities related to security functions exist in the firmware.Service operation interruption (DoS) There is a possibility of being put into a state. HanwhaTechwinSmartcam is a series of security surveillance cameras based on cloud services. There is a denial of service vulnerability in HanwhaTechwinSmartcam. Hanwha Techwin Smartcams is a cloud-based security monitoring device from Hanwha Korea. There is a security flaw in Hanwha Techwin Smartcams
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-1779",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "snh-v6410pn",
"scope": "eq",
"trust": 1.6,
"vendor": "hanwha security",
"version": null
},
{
"model": "snh-v6410pnw",
"scope": "eq",
"trust": 1.6,
"vendor": "hanwha security",
"version": null
},
{
"model": "snh-v6410pn",
"scope": null,
"trust": 0.8,
"vendor": "hanwha techwin",
"version": null
},
{
"model": "snh-v6410pnw",
"scope": null,
"trust": 0.8,
"vendor": "hanwha techwin",
"version": null
},
{
"model": "techwin smartcams",
"scope": null,
"trust": 0.6,
"vendor": "hanwha",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05237"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002850"
},
{
"db": "NVD",
"id": "CVE-2018-6302"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-383"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hanwha-security:snh-v6410pn_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hanwha-security:snh-v6410pn:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hanwha-security:snh-v6410pnw_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hanwha-security:snh-v6410pnw:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6302"
}
]
},
"cve": "CVE-2018-6302",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-6302",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-05237",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-136334",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-6302",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-6302",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-05237",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-383",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-136334",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-6302",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05237"
},
{
"db": "VULHUB",
"id": "VHN-136334"
},
{
"db": "VULMON",
"id": "CVE-2018-6302"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002850"
},
{
"db": "NVD",
"id": "CVE-2018-6302"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-383"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Denial of service by blocking of new camera registration on the cloud server in Hanwha Techwin Smartcams. Hanwha Techwin Smartcam Vulnerabilities related to security functions exist in the firmware.Service operation interruption (DoS) There is a possibility of being put into a state. HanwhaTechwinSmartcam is a series of security surveillance cameras based on cloud services. There is a denial of service vulnerability in HanwhaTechwinSmartcam. Hanwha Techwin Smartcams is a cloud-based security monitoring device from Hanwha Korea. There is a security flaw in Hanwha Techwin Smartcams",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6302"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002850"
},
{
"db": "CNVD",
"id": "CNVD-2018-05237"
},
{
"db": "VULHUB",
"id": "VHN-136334"
},
{
"db": "VULMON",
"id": "CVE-2018-6302"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-6302",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002850",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201803-383",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-05237",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-136334",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-6302",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05237"
},
{
"db": "VULHUB",
"id": "VHN-136334"
},
{
"db": "VULMON",
"id": "CVE-2018-6302"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002850"
},
{
"db": "NVD",
"id": "CVE-2018-6302"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-383"
}
]
},
"id": "VAR-201803-1779",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05237"
},
{
"db": "VULHUB",
"id": "VHN-136334"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05237"
}
]
},
"last_update_date": "2023-12-18T12:29:04.318000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SNH-V6410PN/PNW",
"trust": 0.8,
"url": "https://www.hanwha-security.eu/home-security-products/snh-v6410pn/"
},
{
"title": "Patch for HanwhaTechwinSmartcam Denial of Service Vulnerability (CNVD-2018-05237)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/121445"
},
{
"title": "Hanwha Techwin Smartcams Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79078"
},
{
"title": "Securelist",
"trust": 0.1,
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05237"
},
{
"db": "VULMON",
"id": "CVE-2018-6302"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002850"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-383"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-254",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136334"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002850"
},
{
"db": "NVD",
"id": "CVE-2018-6302"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6302"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6302"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05237"
},
{
"db": "VULHUB",
"id": "VHN-136334"
},
{
"db": "VULMON",
"id": "CVE-2018-6302"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002850"
},
{
"db": "NVD",
"id": "CVE-2018-6302"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-383"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-05237"
},
{
"db": "VULHUB",
"id": "VHN-136334"
},
{
"db": "VULMON",
"id": "CVE-2018-6302"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002850"
},
{
"db": "NVD",
"id": "CVE-2018-6302"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-383"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05237"
},
{
"date": "2018-03-13T00:00:00",
"db": "VULHUB",
"id": "VHN-136334"
},
{
"date": "2018-03-13T00:00:00",
"db": "VULMON",
"id": "CVE-2018-6302"
},
{
"date": "2018-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002850"
},
{
"date": "2018-03-13T17:29:00.747000",
"db": "NVD",
"id": "CVE-2018-6302"
},
{
"date": "2018-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-383"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05237"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-136334"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2018-6302"
},
{
"date": "2018-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002850"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-6302"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-383"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-383"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hanwha Techwin Smartcam Vulnerabilities related to security functions in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002850"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-383"
}
],
"trust": 0.6
}
}