Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
36 vulnerabilities by Hanwha Techwin
VAR-201803-1771
Vulnerability from variot - Updated: 2023-12-18 14:05Unsecured way of firmware update in Hanwha Techwin Smartcams. Hanwha Techwin Smartcam Authentication firmware contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HanwhaTechwinSmartcam is a series of security surveillance cameras based on cloud services. There is currently no detailed vulnerability description. Hanwha Techwin Smartcams is a cloud-based security monitoring device from Hanwha Korea. There is a security flaw in Hanwha Techwin Smartcams
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-1771",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "snh-v6410pn",
"scope": "eq",
"trust": 1.6,
"vendor": "hanwha security",
"version": null
},
{
"model": "snh-v6410pnw",
"scope": "eq",
"trust": 1.6,
"vendor": "hanwha security",
"version": null
},
{
"model": "snh-v6410pn",
"scope": null,
"trust": 0.8,
"vendor": "hanwha techwin",
"version": null
},
{
"model": "snh-v6410pnw",
"scope": null,
"trust": 0.8,
"vendor": "hanwha techwin",
"version": null
},
{
"model": "techwin smartcams",
"scope": null,
"trust": 0.6,
"vendor": "hanwha",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07060"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002842"
},
{
"db": "NVD",
"id": "CVE-2018-6294"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-391"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hanwha-security:snh-v6410pn_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hanwha-security:snh-v6410pn:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hanwha-security:snh-v6410pnw_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hanwha-security:snh-v6410pnw:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6294"
}
]
},
"cve": "CVE-2018-6294",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-6294",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-07060",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-136326",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-6294",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-6294",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-07060",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-391",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-136326",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07060"
},
{
"db": "VULHUB",
"id": "VHN-136326"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002842"
},
{
"db": "NVD",
"id": "CVE-2018-6294"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-391"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unsecured way of firmware update in Hanwha Techwin Smartcams. Hanwha Techwin Smartcam Authentication firmware contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HanwhaTechwinSmartcam is a series of security surveillance cameras based on cloud services. There is currently no detailed vulnerability description. Hanwha Techwin Smartcams is a cloud-based security monitoring device from Hanwha Korea. There is a security flaw in Hanwha Techwin Smartcams",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6294"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002842"
},
{
"db": "CNVD",
"id": "CNVD-2018-07060"
},
{
"db": "VULHUB",
"id": "VHN-136326"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-6294",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002842",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-07060",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201803-391",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-136326",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07060"
},
{
"db": "VULHUB",
"id": "VHN-136326"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002842"
},
{
"db": "NVD",
"id": "CVE-2018-6294"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-391"
}
]
},
"id": "VAR-201803-1771",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07060"
},
{
"db": "VULHUB",
"id": "VHN-136326"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07060"
}
]
},
"last_update_date": "2023-12-18T14:05:29.774000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SNH-V6410PN/PNW",
"trust": 0.8,
"url": "https://www.hanwha-security.eu/home-security-products/snh-v6410pn/"
},
{
"title": "HanwhaTechwinSmartcam Unsafe Firmware Update Method Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/124841"
},
{
"title": "Hanwha Techwin Smartcams Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79086"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07060"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002842"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-391"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136326"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002842"
},
{
"db": "NVD",
"id": "CVE-2018-6294"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6294"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6294"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07060"
},
{
"db": "VULHUB",
"id": "VHN-136326"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002842"
},
{
"db": "NVD",
"id": "CVE-2018-6294"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-391"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-07060"
},
{
"db": "VULHUB",
"id": "VHN-136326"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002842"
},
{
"db": "NVD",
"id": "CVE-2018-6294"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-391"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-07060"
},
{
"date": "2018-03-13T00:00:00",
"db": "VULHUB",
"id": "VHN-136326"
},
{
"date": "2018-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002842"
},
{
"date": "2018-03-13T17:29:00.327000",
"db": "NVD",
"id": "CVE-2018-6294"
},
{
"date": "2018-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-391"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-07060"
},
{
"date": "2018-04-09T00:00:00",
"db": "VULHUB",
"id": "VHN-136326"
},
{
"date": "2018-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002842"
},
{
"date": "2018-04-09T12:48:03.020000",
"db": "NVD",
"id": "CVE-2018-6294"
},
{
"date": "2018-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-391"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-391"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hanwha Techwin Smartcam Vulnerabilities related to authentication in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002842"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-391"
}
],
"trust": 0.6
}
}
VAR-201904-0588
Vulnerability from variot - Updated: 2023-12-18 14:00Hanwha Techwin SRN-4000, SRN-4000 firmware versions prior to SRN4000_v2.16_170401, A specially crafted http request and response could allow an attacker to gain access to the device management page with admin privileges without proper authentication. Hanwha Techwin SRN-4000 The firmware contains a vulnerability related to access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HanwhaTechwinSRN-4000 is a network video recorder from Hanwha Techwin, Korea. A remote command execution vulnerability exists in versions of SRN-4000 firmware prior to SRN4000_v2.16_170401. The vulnerability could be exploited by a remote attacker to gain access to the Web Administration Portal with administrator privileges. Hanwha Techwin SRN-4000 is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass security restrictions to perform unauthorized actions; this may aid in launching further attacks. Hanwha Techwin SRN-4000 SRN4000_v2.16_170401 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201904-0588",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "srn-4000",
"scope": "lt",
"trust": 1.0,
"vendor": "hanwhasecurity",
"version": "2.16_170401"
},
{
"model": "srn-4000",
"scope": "lt",
"trust": 0.8,
"vendor": "hanwha techwin",
"version": "2.16_170401"
},
{
"model": "techwin srn-4000 \u003cv2.16 170401",
"scope": null,
"trust": 0.6,
"vendor": "hanwha",
"version": null
},
{
"model": "techwin srn-4000 srn4000 v2.16 170401",
"scope": null,
"trust": 0.3,
"vendor": "hanwha",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "srn 4000",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "cc18fdb9-be18-4a32-b904-acc2d474102d"
},
{
"db": "CNVD",
"id": "CNVD-2017-07300"
},
{
"db": "BID",
"id": "98488"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014422"
},
{
"db": "NVD",
"id": "CVE-2017-7912"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hanwhasecurity:srn-4000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.16_170401",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hanwhasecurity:srn-4000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-7912"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Can Demirel and Faruk Unal of Biznet Bilisim.",
"sources": [
{
"db": "BID",
"id": "98488"
}
],
"trust": 0.3
},
"cve": "CVE-2017-7912",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-7912",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-07300",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "cc18fdb9-be18-4a32-b904-acc2d474102d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-7912",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-7912",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2017-07300",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201705-767",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "cc18fdb9-be18-4a32-b904-acc2d474102d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2017-7912",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "cc18fdb9-be18-4a32-b904-acc2d474102d"
},
{
"db": "CNVD",
"id": "CNVD-2017-07300"
},
{
"db": "VULMON",
"id": "CVE-2017-7912"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014422"
},
{
"db": "NVD",
"id": "CVE-2017-7912"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-767"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hanwha Techwin SRN-4000, SRN-4000 firmware versions prior to SRN4000_v2.16_170401, A specially crafted http request and response could allow an attacker to gain access to the device management page with admin privileges without proper authentication. Hanwha Techwin SRN-4000 The firmware contains a vulnerability related to access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HanwhaTechwinSRN-4000 is a network video recorder from Hanwha Techwin, Korea. A remote command execution vulnerability exists in versions of SRN-4000 firmware prior to SRN4000_v2.16_170401. The vulnerability could be exploited by a remote attacker to gain access to the Web Administration Portal with administrator privileges. Hanwha Techwin SRN-4000 is prone to a security-bypass vulnerability. \nAttackers can exploit this issue to bypass security restrictions to perform unauthorized actions; this may aid in launching further attacks. \nHanwha Techwin SRN-4000 SRN4000_v2.16_170401 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-7912"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014422"
},
{
"db": "CNVD",
"id": "CNVD-2017-07300"
},
{
"db": "BID",
"id": "98488"
},
{
"db": "IVD",
"id": "cc18fdb9-be18-4a32-b904-acc2d474102d"
},
{
"db": "VULMON",
"id": "CVE-2017-7912"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-7912",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-17-136-03",
"trust": 3.4
},
{
"db": "CNVD",
"id": "CNVD-2017-07300",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201705-767",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014422",
"trust": 0.8
},
{
"db": "BID",
"id": "98488",
"trust": 0.4
},
{
"db": "IVD",
"id": "CC18FDB9-BE18-4A32-B904-ACC2D474102D",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2017-7912",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "cc18fdb9-be18-4a32-b904-acc2d474102d"
},
{
"db": "CNVD",
"id": "CNVD-2017-07300"
},
{
"db": "VULMON",
"id": "CVE-2017-7912"
},
{
"db": "BID",
"id": "98488"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014422"
},
{
"db": "NVD",
"id": "CVE-2017-7912"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-767"
}
]
},
"id": "VAR-201904-0588",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "cc18fdb9-be18-4a32-b904-acc2d474102d"
},
{
"db": "CNVD",
"id": "CNVD-2017-07300"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "cc18fdb9-be18-4a32-b904-acc2d474102d"
},
{
"db": "CNVD",
"id": "CNVD-2017-07300"
}
]
},
"last_update_date": "2023-12-18T14:00:59.094000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SRN-4000",
"trust": 0.8,
"url": "https://www.hanwhasecurity.com/srn-4000.html"
},
{
"title": "HanwhaTechwinSRN-4000 Remote Command Execution Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/94226"
},
{
"title": "Hanwha Techwin SRN-4000 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70338"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07300"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014422"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-767"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014422"
},
{
"db": "NVD",
"id": "CVE-2017-7912"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-136-03"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7912"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7912"
},
{
"trust": 0.3,
"url": "http://www.hanwha-security.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/98488"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07300"
},
{
"db": "VULMON",
"id": "CVE-2017-7912"
},
{
"db": "BID",
"id": "98488"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014422"
},
{
"db": "NVD",
"id": "CVE-2017-7912"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-767"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "cc18fdb9-be18-4a32-b904-acc2d474102d"
},
{
"db": "CNVD",
"id": "CNVD-2017-07300"
},
{
"db": "VULMON",
"id": "CVE-2017-7912"
},
{
"db": "BID",
"id": "98488"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014422"
},
{
"db": "NVD",
"id": "CVE-2017-7912"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-767"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-24T00:00:00",
"db": "IVD",
"id": "cc18fdb9-be18-4a32-b904-acc2d474102d"
},
{
"date": "2017-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07300"
},
{
"date": "2019-04-08T00:00:00",
"db": "VULMON",
"id": "CVE-2017-7912"
},
{
"date": "2017-05-16T00:00:00",
"db": "BID",
"id": "98488"
},
{
"date": "2019-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014422"
},
{
"date": "2019-04-08T15:29:00.263000",
"db": "NVD",
"id": "CVE-2017-7912"
},
{
"date": "2017-05-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-767"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07300"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2017-7912"
},
{
"date": "2017-05-16T00:00:00",
"db": "BID",
"id": "98488"
},
{
"date": "2019-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014422"
},
{
"date": "2019-10-09T23:29:56.827000",
"db": "NVD",
"id": "CVE-2017-7912"
},
{
"date": "2019-10-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-767"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-767"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hanwha Techwin SRN-4000 Remote Command Execution Vulnerability",
"sources": [
{
"db": "IVD",
"id": "cc18fdb9-be18-4a32-b904-acc2d474102d"
},
{
"db": "CNVD",
"id": "CNVD-2017-07300"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-767"
}
],
"trust": 0.6
}
}
VAR-201803-1773
Vulnerability from variot - Updated: 2023-12-18 13:57An undocumented (hidden) capability for switching the web interface in Hanwha Techwin Smartcams. Hanwha Techwin Smartcam Contains an access control vulnerability.Information may be altered. HanwhaTechwinSmartcam is a series of security surveillance cameras based on cloud services. Hanwha Techwin Smartcams is a cloud-based security monitoring device from Hanwha Korea. There is a security flaw in Hanwha Techwin Smartcams
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-1773",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "snh-v6410pn",
"scope": "eq",
"trust": 1.6,
"vendor": "hanwha security",
"version": null
},
{
"model": "snh-v6410pnw",
"scope": "eq",
"trust": 1.6,
"vendor": "hanwha security",
"version": null
},
{
"model": "snh-v6410pn",
"scope": null,
"trust": 0.8,
"vendor": "hanwha techwin",
"version": null
},
{
"model": "snh-v6410pnw",
"scope": null,
"trust": 0.8,
"vendor": "hanwha techwin",
"version": null
},
{
"model": "techwin smartcams",
"scope": null,
"trust": 0.6,
"vendor": "hanwha",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07061"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002844"
},
{
"db": "NVD",
"id": "CVE-2018-6296"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-389"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hanwha-security:snh-v6410pn_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hanwha-security:snh-v6410pn:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hanwha-security:snh-v6410pnw_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hanwha-security:snh-v6410pnw:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6296"
}
]
},
"cve": "CVE-2018-6296",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-6296",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-07061",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-136328",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-6296",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-6296",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-07061",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-389",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-136328",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07061"
},
{
"db": "VULHUB",
"id": "VHN-136328"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002844"
},
{
"db": "NVD",
"id": "CVE-2018-6296"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-389"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An undocumented (hidden) capability for switching the web interface in Hanwha Techwin Smartcams. Hanwha Techwin Smartcam Contains an access control vulnerability.Information may be altered. HanwhaTechwinSmartcam is a series of security surveillance cameras based on cloud services. Hanwha Techwin Smartcams is a cloud-based security monitoring device from Hanwha Korea. There is a security flaw in Hanwha Techwin Smartcams",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6296"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002844"
},
{
"db": "CNVD",
"id": "CNVD-2018-07061"
},
{
"db": "VULHUB",
"id": "VHN-136328"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-6296",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002844",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201803-389",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-07061",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-136328",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07061"
},
{
"db": "VULHUB",
"id": "VHN-136328"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002844"
},
{
"db": "NVD",
"id": "CVE-2018-6296"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-389"
}
]
},
"id": "VAR-201803-1773",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07061"
},
{
"db": "VULHUB",
"id": "VHN-136328"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07061"
}
]
},
"last_update_date": "2023-12-18T13:57:05.720000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SNH-V6410PN/PNW",
"trust": 0.8,
"url": "https://www.hanwha-security.eu/home-security-products/snh-v6410pn/"
},
{
"title": "HanwhaTechwinSmartcamweb interface to switch patches for hidden feature vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/124839"
},
{
"title": "Hanwha Techwin Smartcams Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79084"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07061"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002844"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-389"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136328"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002844"
},
{
"db": "NVD",
"id": "CVE-2018-6296"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6296"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6296"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07061"
},
{
"db": "VULHUB",
"id": "VHN-136328"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002844"
},
{
"db": "NVD",
"id": "CVE-2018-6296"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-389"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-07061"
},
{
"db": "VULHUB",
"id": "VHN-136328"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002844"
},
{
"db": "NVD",
"id": "CVE-2018-6296"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-389"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-07061"
},
{
"date": "2018-03-13T00:00:00",
"db": "VULHUB",
"id": "VHN-136328"
},
{
"date": "2018-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002844"
},
{
"date": "2018-03-13T17:29:00.437000",
"db": "NVD",
"id": "CVE-2018-6296"
},
{
"date": "2018-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-389"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-07061"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-136328"
},
{
"date": "2018-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002844"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-6296"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-389"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-389"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hanwha Techwin Smartcam Vulnerabilities in access control in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002844"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-389"
}
],
"trust": 0.6
}
}
VAR-201702-0687
Vulnerability from variot - Updated: 2023-12-18 13:53An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Cross Site Request Forgery vulnerabilities have been identified. The flaws exist within the Redis and Apache Felix Gogo servers that are installed as part of this product. By issuing specific HTTP Post requests, an attacker can gain system level access to a remote shell session. Smart Security Manager Versions 1.5 and prior are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution. Exploiting these issues may allow a remote attacker to perform certain unauthorized actions and obtain sensitive information. Other attacks are also possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0687",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smart security manager",
"scope": "lte",
"trust": 1.0,
"vendor": "hanwha security",
"version": "1.5"
},
{
"model": "smart security manager",
"scope": "lte",
"trust": 0.8,
"vendor": "hanwha techwin",
"version": "1.5"
},
{
"model": "techwin smart security manager",
"scope": "lte",
"trust": 0.6,
"vendor": "hanwha",
"version": "\u003c=1.5"
},
{
"model": "smart security manager",
"scope": "eq",
"trust": 0.6,
"vendor": "hanwha techwin",
"version": "1.5"
},
{
"model": "techwin smart security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hanwha",
"version": "1.5"
},
{
"model": "techwin smart security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hanwha",
"version": "1.4"
},
{
"model": "techwin smart security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hanwha",
"version": "1.31"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "smart security manager",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "bf78bcad-0c38-477a-b8ac-ff7d1ca7667e"
},
{
"db": "CNVD",
"id": "CNVD-2017-01643"
},
{
"db": "BID",
"id": "96147"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001711"
},
{
"db": "NVD",
"id": "CVE-2017-5169"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-460"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hanwha-security:smart_security_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.5",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5169"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Steven Seeley of Source Incite.",
"sources": [
{
"db": "BID",
"id": "96147"
}
],
"trust": 0.3
},
"cve": "CVE-2017-5169",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-5169",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CNVD-2017-01643",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "bf78bcad-0c38-477a-b8ac-ff7d1ca7667e",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-5169",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-5169",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-01643",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-460",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "bf78bcad-0c38-477a-b8ac-ff7d1ca7667e",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "bf78bcad-0c38-477a-b8ac-ff7d1ca7667e"
},
{
"db": "CNVD",
"id": "CNVD-2017-01643"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001711"
},
{
"db": "NVD",
"id": "CVE-2017-5169"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-460"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Cross Site Request Forgery vulnerabilities have been identified. The flaws exist within the Redis and Apache Felix Gogo servers that are installed as part of this product. By issuing specific HTTP Post requests, an attacker can gain system level access to a remote shell session. Smart Security Manager Versions 1.5 and prior are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution. \nExploiting these issues may allow a remote attacker to perform certain unauthorized actions and obtain sensitive information. Other attacks are also possible",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5169"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001711"
},
{
"db": "CNVD",
"id": "CNVD-2017-01643"
},
{
"db": "BID",
"id": "96147"
},
{
"db": "IVD",
"id": "bf78bcad-0c38-477a-b8ac-ff7d1ca7667e"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5169",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-17-040-01",
"trust": 3.3
},
{
"db": "BID",
"id": "96147",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2017-01643",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201702-460",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001711",
"trust": 0.8
},
{
"db": "IVD",
"id": "BF78BCAD-0C38-477A-B8AC-FF7D1CA7667E",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "bf78bcad-0c38-477a-b8ac-ff7d1ca7667e"
},
{
"db": "CNVD",
"id": "CNVD-2017-01643"
},
{
"db": "BID",
"id": "96147"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001711"
},
{
"db": "NVD",
"id": "CVE-2017-5169"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-460"
}
]
},
"id": "VAR-201702-0687",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "bf78bcad-0c38-477a-b8ac-ff7d1ca7667e"
},
{
"db": "CNVD",
"id": "CNVD-2017-01643"
}
],
"trust": 1.4
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "bf78bcad-0c38-477a-b8ac-ff7d1ca7667e"
},
{
"db": "CNVD",
"id": "CNVD-2017-01643"
}
]
},
"last_update_date": "2023-12-18T13:53:05.473000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSM(Smart Security Manager)",
"trust": 0.8,
"url": "http://www.hanwha-security.com/prod/info.do?menucd=mn000185\u0026catg1=mc000087\u0026catg2=mc000089\u0026catg3=\u0026mdlcd=mc000825"
},
{
"title": "Patch for Hanwha Techwin Smart Security Manager cross-site request forgery vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/89533"
},
{
"title": "Hanwha Techwin Smart Security Manager Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=67751"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01643"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001711"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-460"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001711"
},
{
"db": "NVD",
"id": "CVE-2017-5169"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-040-01"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/96147"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5169"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-5169"
},
{
"trust": 0.3,
"url": "http://www.hanwha-security.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01643"
},
{
"db": "BID",
"id": "96147"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001711"
},
{
"db": "NVD",
"id": "CVE-2017-5169"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-460"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "bf78bcad-0c38-477a-b8ac-ff7d1ca7667e"
},
{
"db": "CNVD",
"id": "CNVD-2017-01643"
},
{
"db": "BID",
"id": "96147"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001711"
},
{
"db": "NVD",
"id": "CVE-2017-5169"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-460"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-20T00:00:00",
"db": "IVD",
"id": "bf78bcad-0c38-477a-b8ac-ff7d1ca7667e"
},
{
"date": "2017-02-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01643"
},
{
"date": "2017-02-09T00:00:00",
"db": "BID",
"id": "96147"
},
{
"date": "2017-03-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001711"
},
{
"date": "2017-02-13T21:59:03.067000",
"db": "NVD",
"id": "CVE-2017-5169"
},
{
"date": "2017-02-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-460"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01643"
},
{
"date": "2017-03-07T04:01:00",
"db": "BID",
"id": "96147"
},
{
"date": "2017-03-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001711"
},
{
"date": "2021-09-13T12:04:44.103000",
"db": "NVD",
"id": "CVE-2017-5169"
},
{
"date": "2021-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-460"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-460"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hanwha Techwin Smart Security Manager Cross-Site Request Forgery Vulnerability",
"sources": [
{
"db": "IVD",
"id": "bf78bcad-0c38-477a-b8ac-ff7d1ca7667e"
},
{
"db": "CNVD",
"id": "CNVD-2017-01643"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-460"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-460"
}
],
"trust": 0.6
}
}
VAR-201702-0686
Vulnerability from variot - Updated: 2023-12-18 13:53An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Path Traversal vulnerabilities have been identified. The flaws exist within the ActiveMQ Broker service that is installed as part of the product. By issuing specific HTTP requests, if a user visits a malicious page, an attacker can gain access to arbitrary files on the server. Smart Security Manager Versions 1.4 and prior to 1.31 are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution. Exploiting these issues may allow a remote attacker to perform certain unauthorized actions and obtain sensitive information. Other attacks are also possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0686",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smart security manager",
"scope": "lte",
"trust": 1.0,
"vendor": "hanwha security",
"version": "1.5"
},
{
"model": "smart security manager",
"scope": "lte",
"trust": 0.8,
"vendor": "hanwha techwin",
"version": "1.5"
},
{
"model": "techwin smart security manager",
"scope": "lte",
"trust": 0.6,
"vendor": "hanwha",
"version": "\u003c=1.5"
},
{
"model": "smart security manager",
"scope": "eq",
"trust": 0.6,
"vendor": "hanwha techwin",
"version": "1.5"
},
{
"model": "techwin smart security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hanwha",
"version": "1.5"
},
{
"model": "techwin smart security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hanwha",
"version": "1.4"
},
{
"model": "techwin smart security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hanwha",
"version": "1.31"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "smart security manager",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "13e5304e-4192-41e8-9e8e-2b72b96f950e"
},
{
"db": "CNVD",
"id": "CNVD-2017-01645"
},
{
"db": "BID",
"id": "96147"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001710"
},
{
"db": "NVD",
"id": "CVE-2017-5168"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-461"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hanwha-security:smart_security_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.5",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5168"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Steven Seeley of Source Incite.",
"sources": [
{
"db": "BID",
"id": "96147"
}
],
"trust": 0.3
},
"cve": "CVE-2017-5168",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-5168",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CNVD-2017-01645",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "13e5304e-4192-41e8-9e8e-2b72b96f950e",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-5168",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-5168",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-01645",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-461",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "13e5304e-4192-41e8-9e8e-2b72b96f950e",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "13e5304e-4192-41e8-9e8e-2b72b96f950e"
},
{
"db": "CNVD",
"id": "CNVD-2017-01645"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001710"
},
{
"db": "NVD",
"id": "CVE-2017-5168"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-461"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Path Traversal vulnerabilities have been identified. The flaws exist within the ActiveMQ Broker service that is installed as part of the product. By issuing specific HTTP requests, if a user visits a malicious page, an attacker can gain access to arbitrary files on the server. Smart Security Manager Versions 1.4 and prior to 1.31 are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution. \nExploiting these issues may allow a remote attacker to perform certain unauthorized actions and obtain sensitive information. Other attacks are also possible",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5168"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001710"
},
{
"db": "CNVD",
"id": "CNVD-2017-01645"
},
{
"db": "BID",
"id": "96147"
},
{
"db": "IVD",
"id": "13e5304e-4192-41e8-9e8e-2b72b96f950e"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5168",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-17-040-01",
"trust": 2.7
},
{
"db": "BID",
"id": "96147",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2017-01645",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201702-461",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001710",
"trust": 0.8
},
{
"db": "IVD",
"id": "13E5304E-4192-41E8-9E8E-2B72B96F950E",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "13e5304e-4192-41e8-9e8e-2b72b96f950e"
},
{
"db": "CNVD",
"id": "CNVD-2017-01645"
},
{
"db": "BID",
"id": "96147"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001710"
},
{
"db": "NVD",
"id": "CVE-2017-5168"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-461"
}
]
},
"id": "VAR-201702-0686",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "13e5304e-4192-41e8-9e8e-2b72b96f950e"
},
{
"db": "CNVD",
"id": "CNVD-2017-01645"
}
],
"trust": 1.4
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "13e5304e-4192-41e8-9e8e-2b72b96f950e"
},
{
"db": "CNVD",
"id": "CNVD-2017-01645"
}
]
},
"last_update_date": "2023-12-18T13:53:05.439000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSM(Smart Security Manager)",
"trust": 0.8,
"url": "http://www.hanwha-security.com/prod/info.do?menucd=mn000185\u0026catg1=mc000087\u0026catg2=mc000089\u0026catg3=\u0026mdlcd=mc000825"
},
{
"title": "Hanwha Techwin Smart Security Manager privilege escalation vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/89536"
},
{
"title": "Hanwha Techwin Smart Security Manager ActiveMQ Broker Repair of service path traversal vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=67752"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01645"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001710"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-461"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001710"
},
{
"db": "NVD",
"id": "CVE-2017-5168"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-040-01"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/96147"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-5168"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5168"
},
{
"trust": 0.3,
"url": "http://www.hanwha-security.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01645"
},
{
"db": "BID",
"id": "96147"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001710"
},
{
"db": "NVD",
"id": "CVE-2017-5168"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-461"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "13e5304e-4192-41e8-9e8e-2b72b96f950e"
},
{
"db": "CNVD",
"id": "CNVD-2017-01645"
},
{
"db": "BID",
"id": "96147"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001710"
},
{
"db": "NVD",
"id": "CVE-2017-5168"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-461"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-20T00:00:00",
"db": "IVD",
"id": "13e5304e-4192-41e8-9e8e-2b72b96f950e"
},
{
"date": "2017-02-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01645"
},
{
"date": "2017-02-09T00:00:00",
"db": "BID",
"id": "96147"
},
{
"date": "2017-03-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001710"
},
{
"date": "2017-02-13T21:59:03.050000",
"db": "NVD",
"id": "CVE-2017-5168"
},
{
"date": "2017-02-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-461"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01645"
},
{
"date": "2017-03-07T04:01:00",
"db": "BID",
"id": "96147"
},
{
"date": "2017-03-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001710"
},
{
"date": "2021-09-13T12:04:36.983000",
"db": "NVD",
"id": "CVE-2017-5168"
},
{
"date": "2021-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-461"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-461"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hanwha Techwin Smart Security Manager of ActiveMQ Broker Path traversal vulnerability in services",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001710"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Path traversal",
"sources": [
{
"db": "IVD",
"id": "13e5304e-4192-41e8-9e8e-2b72b96f950e"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-461"
}
],
"trust": 0.8
}
}
VAR-201803-1772
Vulnerability from variot - Updated: 2023-12-18 13:52Unencrypted way of remote control and communications in Hanwha Techwin Smartcams. Hanwha Techwin Smartcam There is a cryptographic vulnerability in the firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HanwhaTechwinSmartcam is a series of security surveillance cameras based on cloud services. There are currently no detailed vulnerability descriptions. Hanwha Techwin Smartcams is a cloud-based security monitoring device from Hanwha Korea. There is a security flaw in Hanwha Techwin Smartcams
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-1772",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "snh-v6410pn",
"scope": "eq",
"trust": 1.6,
"vendor": "hanwha security",
"version": null
},
{
"model": "snh-v6410pnw",
"scope": "eq",
"trust": 1.6,
"vendor": "hanwha security",
"version": null
},
{
"model": "snh-v6410pn",
"scope": null,
"trust": 0.8,
"vendor": "hanwha techwin",
"version": null
},
{
"model": "snh-v6410pnw",
"scope": null,
"trust": 0.8,
"vendor": "hanwha techwin",
"version": null
},
{
"model": "techwin smartcams",
"scope": null,
"trust": 0.6,
"vendor": "hanwha",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05231"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002843"
},
{
"db": "NVD",
"id": "CVE-2018-6295"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-390"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hanwha-security:snh-v6410pn_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hanwha-security:snh-v6410pn:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hanwha-security:snh-v6410pnw_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hanwha-security:snh-v6410pnw:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6295"
}
]
},
"cve": "CVE-2018-6295",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-6295",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-05231",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-136327",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-6295",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-6295",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-05231",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-390",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-136327",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-6295",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05231"
},
{
"db": "VULHUB",
"id": "VHN-136327"
},
{
"db": "VULMON",
"id": "CVE-2018-6295"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002843"
},
{
"db": "NVD",
"id": "CVE-2018-6295"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-390"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unencrypted way of remote control and communications in Hanwha Techwin Smartcams. Hanwha Techwin Smartcam There is a cryptographic vulnerability in the firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HanwhaTechwinSmartcam is a series of security surveillance cameras based on cloud services. There are currently no detailed vulnerability descriptions. Hanwha Techwin Smartcams is a cloud-based security monitoring device from Hanwha Korea. There is a security flaw in Hanwha Techwin Smartcams",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6295"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002843"
},
{
"db": "CNVD",
"id": "CNVD-2018-05231"
},
{
"db": "VULHUB",
"id": "VHN-136327"
},
{
"db": "VULMON",
"id": "CVE-2018-6295"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-6295",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002843",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-05231",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201803-390",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-136327",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-6295",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05231"
},
{
"db": "VULHUB",
"id": "VHN-136327"
},
{
"db": "VULMON",
"id": "CVE-2018-6295"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002843"
},
{
"db": "NVD",
"id": "CVE-2018-6295"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-390"
}
]
},
"id": "VAR-201803-1772",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05231"
},
{
"db": "VULHUB",
"id": "VHN-136327"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05231"
}
]
},
"last_update_date": "2023-12-18T13:52:43.527000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SNH-V6410PN/PNW",
"trust": 0.8,
"url": "https://www.hanwha-security.eu/home-security-products/snh-v6410pn/"
},
{
"title": "HanwhaTechwinSmartcam does not encrypt patches for remote control and communication vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/121433"
},
{
"title": "Hanwha Techwin Smartcams Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79085"
},
{
"title": "Securelist",
"trust": 0.1,
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05231"
},
{
"db": "VULMON",
"id": "CVE-2018-6295"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002843"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-390"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-319",
"trust": 1.1
},
{
"problemtype": "CWE-310",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136327"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002843"
},
{
"db": "NVD",
"id": "CVE-2018-6295"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6295"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6295"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/319.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05231"
},
{
"db": "VULHUB",
"id": "VHN-136327"
},
{
"db": "VULMON",
"id": "CVE-2018-6295"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002843"
},
{
"db": "NVD",
"id": "CVE-2018-6295"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-390"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-05231"
},
{
"db": "VULHUB",
"id": "VHN-136327"
},
{
"db": "VULMON",
"id": "CVE-2018-6295"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002843"
},
{
"db": "NVD",
"id": "CVE-2018-6295"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-390"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05231"
},
{
"date": "2018-03-13T00:00:00",
"db": "VULHUB",
"id": "VHN-136327"
},
{
"date": "2018-03-13T00:00:00",
"db": "VULMON",
"id": "CVE-2018-6295"
},
{
"date": "2018-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002843"
},
{
"date": "2018-03-13T17:29:00.373000",
"db": "NVD",
"id": "CVE-2018-6295"
},
{
"date": "2018-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-390"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05231"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-136327"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2018-6295"
},
{
"date": "2018-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002843"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-6295"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-390"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-390"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hanwha Techwin Smartcam Encryption vulnerability in some firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002843"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-390"
}
],
"trust": 0.6
}
}
VAR-201803-1780
Vulnerability from variot - Updated: 2023-12-18 13:43Denial of service by uploading malformed firmware in Hanwha Techwin Smartcams. Hanwha Techwin Smartcam Contains a data processing vulnerability.Denial of service (DoS) May be in a state. HanwhaTechwinSmartcam is a series of security surveillance cameras based on cloud services. Hanwha Techwin Smartcams is a cloud-based security monitoring device from Hanwha Korea. There is a security flaw in Hanwha Techwin Smartcams
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-1780",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "snh-v6410pn",
"scope": "eq",
"trust": 1.6,
"vendor": "hanwha security",
"version": null
},
{
"model": "snh-v6410pnw",
"scope": "eq",
"trust": 1.6,
"vendor": "hanwha security",
"version": null
},
{
"model": "snh-v6410pn",
"scope": null,
"trust": 0.8,
"vendor": "hanwha techwin",
"version": null
},
{
"model": "snh-v6410pnw",
"scope": null,
"trust": 0.8,
"vendor": "hanwha techwin",
"version": null
},
{
"model": "techwin smartcams",
"scope": null,
"trust": 0.6,
"vendor": "hanwha",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05238"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002851"
},
{
"db": "NVD",
"id": "CVE-2018-6303"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-382"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hanwha-security:snh-v6410pn_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hanwha-security:snh-v6410pn:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hanwha-security:snh-v6410pnw_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hanwha-security:snh-v6410pnw:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6303"
}
]
},
"cve": "CVE-2018-6303",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-6303",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-05238",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-136335",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-6303",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-6303",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-05238",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-382",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-136335",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05238"
},
{
"db": "VULHUB",
"id": "VHN-136335"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002851"
},
{
"db": "NVD",
"id": "CVE-2018-6303"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-382"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Denial of service by uploading malformed firmware in Hanwha Techwin Smartcams. Hanwha Techwin Smartcam Contains a data processing vulnerability.Denial of service (DoS) May be in a state. HanwhaTechwinSmartcam is a series of security surveillance cameras based on cloud services. Hanwha Techwin Smartcams is a cloud-based security monitoring device from Hanwha Korea. There is a security flaw in Hanwha Techwin Smartcams",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6303"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002851"
},
{
"db": "CNVD",
"id": "CNVD-2018-05238"
},
{
"db": "VULHUB",
"id": "VHN-136335"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-6303",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002851",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-05238",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201803-382",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-136335",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05238"
},
{
"db": "VULHUB",
"id": "VHN-136335"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002851"
},
{
"db": "NVD",
"id": "CVE-2018-6303"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-382"
}
]
},
"id": "VAR-201803-1780",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05238"
},
{
"db": "VULHUB",
"id": "VHN-136335"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05238"
}
]
},
"last_update_date": "2023-12-18T13:43:47.876000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SNH-V6410PN/PNW",
"trust": 0.8,
"url": "https://www.hanwha-security.eu/home-security-products/snh-v6410pn/"
},
{
"title": "HanwhaTechwinSmartcam denial of service vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/121447"
},
{
"title": "Hanwha Techwin Smartcams Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79077"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05238"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002851"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-382"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-19",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136335"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002851"
},
{
"db": "NVD",
"id": "CVE-2018-6303"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6303"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6303"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05238"
},
{
"db": "VULHUB",
"id": "VHN-136335"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002851"
},
{
"db": "NVD",
"id": "CVE-2018-6303"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-382"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-05238"
},
{
"db": "VULHUB",
"id": "VHN-136335"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002851"
},
{
"db": "NVD",
"id": "CVE-2018-6303"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-382"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05238"
},
{
"date": "2018-03-13T00:00:00",
"db": "VULHUB",
"id": "VHN-136335"
},
{
"date": "2018-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002851"
},
{
"date": "2018-03-13T17:29:00.810000",
"db": "NVD",
"id": "CVE-2018-6303"
},
{
"date": "2018-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-382"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05238"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-136335"
},
{
"date": "2018-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002851"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-6303"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-382"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-382"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hanwha Techwin Smartcam Vulnerabilities in data processing in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002851"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-382"
}
],
"trust": 0.6
}
}
VAR-201803-1776
Vulnerability from variot - Updated: 2023-12-18 13:38Authentication bypass in Hanwha Techwin Smartcams. Hanwha Techwin Smartcam Authentication firmware contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HanwhaTechwinSmartcam is a series of security surveillance cameras based on cloud services. Hanwha Techwin Smartcams is a cloud-based security monitoring device from Hanwha Korea. There is a security flaw in Hanwha Techwin Smartcams
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-1776",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "snh-v6410pn",
"scope": "eq",
"trust": 1.6,
"vendor": "hanwha security",
"version": null
},
{
"model": "snh-v6410pnw",
"scope": "eq",
"trust": 1.6,
"vendor": "hanwha security",
"version": null
},
{
"model": "snh-v6410pn",
"scope": null,
"trust": 0.8,
"vendor": "hanwha techwin",
"version": null
},
{
"model": "snh-v6410pnw",
"scope": null,
"trust": 0.8,
"vendor": "hanwha techwin",
"version": null
},
{
"model": "techwin smartcams",
"scope": null,
"trust": 0.6,
"vendor": "hanwha",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05234"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002847"
},
{
"db": "NVD",
"id": "CVE-2018-6299"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-386"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hanwha-security:snh-v6410pn_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hanwha-security:snh-v6410pn:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hanwha-security:snh-v6410pnw_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hanwha-security:snh-v6410pnw:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6299"
}
]
},
"cve": "CVE-2018-6299",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-6299",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-05234",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-136331",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-6299",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-6299",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-05234",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-386",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-136331",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05234"
},
{
"db": "VULHUB",
"id": "VHN-136331"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002847"
},
{
"db": "NVD",
"id": "CVE-2018-6299"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-386"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Authentication bypass in Hanwha Techwin Smartcams. Hanwha Techwin Smartcam Authentication firmware contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HanwhaTechwinSmartcam is a series of security surveillance cameras based on cloud services. Hanwha Techwin Smartcams is a cloud-based security monitoring device from Hanwha Korea. There is a security flaw in Hanwha Techwin Smartcams",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6299"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002847"
},
{
"db": "CNVD",
"id": "CNVD-2018-05234"
},
{
"db": "VULHUB",
"id": "VHN-136331"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-6299",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002847",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-05234",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201803-386",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-136331",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05234"
},
{
"db": "VULHUB",
"id": "VHN-136331"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002847"
},
{
"db": "NVD",
"id": "CVE-2018-6299"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-386"
}
]
},
"id": "VAR-201803-1776",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05234"
},
{
"db": "VULHUB",
"id": "VHN-136331"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05234"
}
]
},
"last_update_date": "2023-12-18T13:38:42.199000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SNH-V6410PN/PNW",
"trust": 0.8,
"url": "https://www.hanwha-security.eu/home-security-products/snh-v6410pn/"
},
{
"title": "HanwhaTechwinSmartcam certification bypasses the patch for the vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/121439"
},
{
"title": "Hanwha Techwin Smartcams Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79081"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05234"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002847"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-386"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136331"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002847"
},
{
"db": "NVD",
"id": "CVE-2018-6299"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6299"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6299"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05234"
},
{
"db": "VULHUB",
"id": "VHN-136331"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002847"
},
{
"db": "NVD",
"id": "CVE-2018-6299"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-386"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-05234"
},
{
"db": "VULHUB",
"id": "VHN-136331"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002847"
},
{
"db": "NVD",
"id": "CVE-2018-6299"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-386"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05234"
},
{
"date": "2018-03-13T00:00:00",
"db": "VULHUB",
"id": "VHN-136331"
},
{
"date": "2018-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002847"
},
{
"date": "2018-03-13T17:29:00.607000",
"db": "NVD",
"id": "CVE-2018-6299"
},
{
"date": "2018-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-386"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05234"
},
{
"date": "2018-04-09T00:00:00",
"db": "VULHUB",
"id": "VHN-136331"
},
{
"date": "2018-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002847"
},
{
"date": "2018-04-09T13:50:47.247000",
"db": "NVD",
"id": "CVE-2018-6299"
},
{
"date": "2018-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-386"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-386"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hanwha Techwin Smartcam Vulnerabilities related to authentication in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002847"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-386"
}
],
"trust": 0.6
}
}
VAR-201803-1778
Vulnerability from variot - Updated: 2023-12-18 13:33Arbitrary camera access and monitoring via cloud in Hanwha Techwin Smartcams. Hanwha Techwin Smartcam Contains firmware, authorization, authority, and access control vulnerabilities.Information may be obtained. HanwhaTechwinSmartcam is a series of security surveillance cameras based on cloud services. Hanwha Techwin Smartcams is a cloud-based security monitoring device from Hanwha Korea. There is a security flaw in Hanwha Techwin Smartcams
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-1778",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "snh-v6410pn",
"scope": "eq",
"trust": 1.6,
"vendor": "hanwha security",
"version": null
},
{
"model": "snh-v6410pnw",
"scope": "eq",
"trust": 1.6,
"vendor": "hanwha security",
"version": null
},
{
"model": "snh-v6410pn",
"scope": null,
"trust": 0.8,
"vendor": "hanwha techwin",
"version": null
},
{
"model": "snh-v6410pnw",
"scope": null,
"trust": 0.8,
"vendor": "hanwha techwin",
"version": null
},
{
"model": "techwin smartcams",
"scope": null,
"trust": 0.6,
"vendor": "hanwha",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05236"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002849"
},
{
"db": "NVD",
"id": "CVE-2018-6301"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-384"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hanwha-security:snh-v6410pn_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hanwha-security:snh-v6410pn:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hanwha-security:snh-v6410pnw_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hanwha-security:snh-v6410pnw:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6301"
}
]
},
"cve": "CVE-2018-6301",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-6301",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-05236",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-136333",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-6301",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-6301",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-05236",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-384",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-136333",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05236"
},
{
"db": "VULHUB",
"id": "VHN-136333"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002849"
},
{
"db": "NVD",
"id": "CVE-2018-6301"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-384"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Arbitrary camera access and monitoring via cloud in Hanwha Techwin Smartcams. Hanwha Techwin Smartcam Contains firmware, authorization, authority, and access control vulnerabilities.Information may be obtained. HanwhaTechwinSmartcam is a series of security surveillance cameras based on cloud services. Hanwha Techwin Smartcams is a cloud-based security monitoring device from Hanwha Korea. There is a security flaw in Hanwha Techwin Smartcams",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6301"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002849"
},
{
"db": "CNVD",
"id": "CNVD-2018-05236"
},
{
"db": "VULHUB",
"id": "VHN-136333"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-6301",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002849",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-05236",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201803-384",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-136333",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05236"
},
{
"db": "VULHUB",
"id": "VHN-136333"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002849"
},
{
"db": "NVD",
"id": "CVE-2018-6301"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-384"
}
]
},
"id": "VAR-201803-1778",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05236"
},
{
"db": "VULHUB",
"id": "VHN-136333"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05236"
}
]
},
"last_update_date": "2023-12-18T13:33:56.923000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SNH-V6410PN/PNW",
"trust": 0.8,
"url": "https://www.hanwha-security.eu/home-security-products/snh-v6410pn/"
},
{
"title": "HanwhaTechwinSmartcam arbitrarily accesses and monitors vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/121443"
},
{
"title": "Hanwha Techwin Smartcams Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79079"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05236"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002849"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-384"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136333"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002849"
},
{
"db": "NVD",
"id": "CVE-2018-6301"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6301"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6301"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05236"
},
{
"db": "VULHUB",
"id": "VHN-136333"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002849"
},
{
"db": "NVD",
"id": "CVE-2018-6301"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-384"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-05236"
},
{
"db": "VULHUB",
"id": "VHN-136333"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002849"
},
{
"db": "NVD",
"id": "CVE-2018-6301"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-384"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05236"
},
{
"date": "2018-03-13T00:00:00",
"db": "VULHUB",
"id": "VHN-136333"
},
{
"date": "2018-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002849"
},
{
"date": "2018-03-13T17:29:00.700000",
"db": "NVD",
"id": "CVE-2018-6301"
},
{
"date": "2018-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-384"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05236"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-136333"
},
{
"date": "2018-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002849"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-6301"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-384"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-384"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hanwha Techwin Smartcam , Authorization, Access Control Vulnerabilities in Firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002849"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-384"
}
],
"trust": 0.6
}
}
VAR-201909-1498
Vulnerability from variot - Updated: 2023-12-18 13:33An issue was discovered in NVR WebViewer on Hanwah Techwin SRN-472s 1.07_190502 devices, and other SRN-x devices before 2019-05-03. A system crash and reboot can be achieved by submitting a long username in excess of 117 characters. The username triggers a buffer overflow in the main process controlling operation of the DVR system, rendering services unavailable during the reboot operation. A repeated attack affects availability as long as the attacker has network access to the device. Hanwah Techwin SRN-472s and SRN-x The device contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Hanwah Techwin SRN-472s is a network video recorder produced by Hanwah Techwin in Korea. NVR WebViewer is a set of web-based surveillance video management system running in it. The NVR WebViewer in Hanwah Techwin SRN-472s version 1.07_190502 and other SRN series products (before 2019-05-03) has a buffer error vulnerability. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201909-1498",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "srn-873s",
"scope": "lt",
"trust": 1.0,
"vendor": "hanwha security",
"version": "2019-05-03"
},
{
"model": "srn-1673s",
"scope": "lt",
"trust": 1.0,
"vendor": "hanwha security",
"version": "2019-05-03"
},
{
"model": "srn-472s",
"scope": "eq",
"trust": 1.0,
"vendor": "hanwha security",
"version": "1.07_190502"
},
{
"model": "srn-1673s",
"scope": "eq",
"trust": 0.8,
"vendor": "hanwha techwin",
"version": "2019/05/03"
},
{
"model": "srn-472s",
"scope": "eq",
"trust": 0.8,
"vendor": "hanwha techwin",
"version": "1.07_190502"
},
{
"model": "srn-873s",
"scope": "eq",
"trust": 0.8,
"vendor": "hanwha techwin",
"version": "2019/05/03"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008962"
},
{
"db": "NVD",
"id": "CVE-2019-12223"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hanwha-security:srn-472s_firmware:1.07_190502:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hanwha-security:srn-472s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hanwha-security:srn-873s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019-05-03",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hanwha-security:srn-873s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hanwha-security:srn-1673s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019-05-03",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hanwha-security:srn-1673s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-12223"
}
]
},
"cve": "CVE-2019-12223",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-12223",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-143948",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-12223",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-12223",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201909-213",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-143948",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-143948"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008962"
},
{
"db": "NVD",
"id": "CVE-2019-12223"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-213"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in NVR WebViewer on Hanwah Techwin SRN-472s 1.07_190502 devices, and other SRN-x devices before 2019-05-03. A system crash and reboot can be achieved by submitting a long username in excess of 117 characters. The username triggers a buffer overflow in the main process controlling operation of the DVR system, rendering services unavailable during the reboot operation. A repeated attack affects availability as long as the attacker has network access to the device. Hanwah Techwin SRN-472s and SRN-x The device contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Hanwah Techwin SRN-472s is a network video recorder produced by Hanwah Techwin in Korea. NVR WebViewer is a set of web-based surveillance video management system running in it. The NVR WebViewer in Hanwah Techwin SRN-472s version 1.07_190502 and other SRN series products (before 2019-05-03) has a buffer error vulnerability. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-12223"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008962"
},
{
"db": "VULHUB",
"id": "VHN-143948"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-12223",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008962",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201909-213",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-143948",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-143948"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008962"
},
{
"db": "NVD",
"id": "CVE-2019-12223"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-213"
}
]
},
"id": "VAR-201909-1498",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-143948"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:33:21.353000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SRN-472S",
"trust": 0.8,
"url": "https://www.hanwha-security.com/en/products/video-recorder/nvr/ch4/srn-472s/overview/"
},
{
"title": "Hanwah Techwin SRN-472s and other SRN Series products NVR WebViewer Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=97971"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008962"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-213"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-143948"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008962"
},
{
"db": "NVD",
"id": "CVE-2019-12223"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://gist.github.com/dustinnoe/66f91573a0080c9fb2c21819d8805a82"
},
{
"trust": 1.7,
"url": "https://www.hanwha-security.com/en/products/video-recorder/nvr/ch4/srn-472s/overview/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12223"
},
{
"trust": 1.0,
"url": "https://medium.com/%40noe.dustin/samsung-webviewer-remote-dos-vulberability-cve-2019-12223-5f4afbc83fbd"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12223"
},
{
"trust": 0.7,
"url": "https://medium.com/@noe.dustin/samsung-webviewer-remote-dos-vulberability-cve-2019-12223-5f4afbc83fbd"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-143948"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008962"
},
{
"db": "NVD",
"id": "CVE-2019-12223"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-213"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-143948"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008962"
},
{
"db": "NVD",
"id": "CVE-2019-12223"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-213"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-143948"
},
{
"date": "2019-09-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008962"
},
{
"date": "2019-09-05T15:15:11.783000",
"db": "NVD",
"id": "CVE-2019-12223"
},
{
"date": "2019-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-213"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-06T00:00:00",
"db": "VULHUB",
"id": "VHN-143948"
},
{
"date": "2019-09-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008962"
},
{
"date": "2023-11-07T03:03:30.143000",
"db": "NVD",
"id": "CVE-2019-12223"
},
{
"date": "2019-09-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-213"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-213"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hanwah Techwin SRN-472s and SRN-x Device buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008962"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-213"
}
],
"trust": 0.6
}
}
VAR-201803-1777
Vulnerability from variot - Updated: 2023-12-18 13:28Remote password change in Hanwha Techwin Smartcams. Hanwha Techwin Smartcam Vulnerabilities related to certificate and password management exist in the firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HanwhaTechwinSmartcam is a series of security surveillance cameras based on cloud services. Hanwha Techwin Smartcams is a cloud-based security monitoring device from Hanwha Korea. There is a security flaw in Hanwha Techwin Smartcams
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-1777",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "snh-v6410pn",
"scope": "eq",
"trust": 1.6,
"vendor": "hanwha security",
"version": null
},
{
"model": "snh-v6410pnw",
"scope": "eq",
"trust": 1.6,
"vendor": "hanwha security",
"version": null
},
{
"model": "snh-v6410pn",
"scope": null,
"trust": 0.8,
"vendor": "hanwha techwin",
"version": null
},
{
"model": "snh-v6410pnw",
"scope": null,
"trust": 0.8,
"vendor": "hanwha techwin",
"version": null
},
{
"model": "techwin smartcams",
"scope": null,
"trust": 0.6,
"vendor": "hanwha",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05235"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002848"
},
{
"db": "NVD",
"id": "CVE-2018-6300"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-385"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hanwha-security:snh-v6410pn_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hanwha-security:snh-v6410pn:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hanwha-security:snh-v6410pnw_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hanwha-security:snh-v6410pnw:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6300"
}
]
},
"cve": "CVE-2018-6300",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-6300",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-05235",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-136332",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-6300",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-6300",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-05235",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-385",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-136332",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05235"
},
{
"db": "VULHUB",
"id": "VHN-136332"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002848"
},
{
"db": "NVD",
"id": "CVE-2018-6300"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-385"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Remote password change in Hanwha Techwin Smartcams. Hanwha Techwin Smartcam Vulnerabilities related to certificate and password management exist in the firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HanwhaTechwinSmartcam is a series of security surveillance cameras based on cloud services. Hanwha Techwin Smartcams is a cloud-based security monitoring device from Hanwha Korea. There is a security flaw in Hanwha Techwin Smartcams",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6300"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002848"
},
{
"db": "CNVD",
"id": "CNVD-2018-05235"
},
{
"db": "VULHUB",
"id": "VHN-136332"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-6300",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002848",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-05235",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201803-385",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-136332",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05235"
},
{
"db": "VULHUB",
"id": "VHN-136332"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002848"
},
{
"db": "NVD",
"id": "CVE-2018-6300"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-385"
}
]
},
"id": "VAR-201803-1777",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05235"
},
{
"db": "VULHUB",
"id": "VHN-136332"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05235"
}
]
},
"last_update_date": "2023-12-18T13:28:59.111000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SNH-V6410PN/PNW",
"trust": 0.8,
"url": "https://www.hanwha-security.eu/home-security-products/snh-v6410pn/"
},
{
"title": "HanwhaTechwinSmartcam Remote Password Change Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/121441"
},
{
"title": "Hanwha Techwin Smartcams Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79080"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05235"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002848"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-385"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-255",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136332"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002848"
},
{
"db": "NVD",
"id": "CVE-2018-6300"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6300"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6300"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05235"
},
{
"db": "VULHUB",
"id": "VHN-136332"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002848"
},
{
"db": "NVD",
"id": "CVE-2018-6300"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-385"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-05235"
},
{
"db": "VULHUB",
"id": "VHN-136332"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002848"
},
{
"db": "NVD",
"id": "CVE-2018-6300"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-385"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05235"
},
{
"date": "2018-03-13T00:00:00",
"db": "VULHUB",
"id": "VHN-136332"
},
{
"date": "2018-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002848"
},
{
"date": "2018-03-13T17:29:00.653000",
"db": "NVD",
"id": "CVE-2018-6300"
},
{
"date": "2018-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-385"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05235"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-136332"
},
{
"date": "2018-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002848"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-6300"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-385"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-385"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hanwha Techwin Smartcam Vulnerabilities related to certificate and password management",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002848"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-385"
}
],
"trust": 0.6
}
}
VAR-201803-1775
Vulnerability from variot - Updated: 2023-12-18 12:57Remote code execution in Hanwha Techwin Smartcams. Hanwha Techwin Smartcam Contains a vulnerability related to input validation.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HanwhaTechwinSmartcam is a series of security surveillance cameras based on cloud services. Hanwha Techwin Smartcams is a cloud-based security monitoring device from Hanwha Korea. There is a security flaw in Hanwha Techwin Smartcams
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-1775",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "snh-v6410pn",
"scope": "eq",
"trust": 1.6,
"vendor": "hanwha security",
"version": null
},
{
"model": "snh-v6410pnw",
"scope": "eq",
"trust": 1.6,
"vendor": "hanwha security",
"version": null
},
{
"model": "snh-v6410pn",
"scope": null,
"trust": 0.8,
"vendor": "hanwha techwin",
"version": null
},
{
"model": "snh-v6410pnw",
"scope": null,
"trust": 0.8,
"vendor": "hanwha techwin",
"version": null
},
{
"model": "techwin smartcams",
"scope": null,
"trust": 0.6,
"vendor": "hanwha",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05233"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002846"
},
{
"db": "NVD",
"id": "CVE-2018-6298"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-387"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hanwha-security:snh-v6410pn_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hanwha-security:snh-v6410pn:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hanwha-security:snh-v6410pnw_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hanwha-security:snh-v6410pnw:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6298"
}
]
},
"cve": "CVE-2018-6298",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2018-6298",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-05233",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-136330",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-6298",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-6298",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-05233",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-387",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-136330",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-6298",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05233"
},
{
"db": "VULHUB",
"id": "VHN-136330"
},
{
"db": "VULMON",
"id": "CVE-2018-6298"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002846"
},
{
"db": "NVD",
"id": "CVE-2018-6298"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-387"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Remote code execution in Hanwha Techwin Smartcams. Hanwha Techwin Smartcam Contains a vulnerability related to input validation.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HanwhaTechwinSmartcam is a series of security surveillance cameras based on cloud services. Hanwha Techwin Smartcams is a cloud-based security monitoring device from Hanwha Korea. There is a security flaw in Hanwha Techwin Smartcams",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6298"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002846"
},
{
"db": "CNVD",
"id": "CNVD-2018-05233"
},
{
"db": "VULHUB",
"id": "VHN-136330"
},
{
"db": "VULMON",
"id": "CVE-2018-6298"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-6298",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002846",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201803-387",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-05233",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-136330",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-6298",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05233"
},
{
"db": "VULHUB",
"id": "VHN-136330"
},
{
"db": "VULMON",
"id": "CVE-2018-6298"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002846"
},
{
"db": "NVD",
"id": "CVE-2018-6298"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-387"
}
]
},
"id": "VAR-201803-1775",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05233"
},
{
"db": "VULHUB",
"id": "VHN-136330"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05233"
}
]
},
"last_update_date": "2023-12-18T12:57:01.414000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SNH-V6410PN/PNW",
"trust": 0.8,
"url": "https://www.hanwha-security.eu/home-security-products/snh-v6410pn/"
},
{
"title": "HanwhaTechwinSmartcam Remote Code Execution Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/121437"
},
{
"title": "Hanwha Techwin Smartcams Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79082"
},
{
"title": "Securelist",
"trust": 0.1,
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05233"
},
{
"db": "VULMON",
"id": "CVE-2018-6298"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002846"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-387"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136330"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002846"
},
{
"db": "NVD",
"id": "CVE-2018-6298"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6298"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6298"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05233"
},
{
"db": "VULHUB",
"id": "VHN-136330"
},
{
"db": "VULMON",
"id": "CVE-2018-6298"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002846"
},
{
"db": "NVD",
"id": "CVE-2018-6298"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-387"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-05233"
},
{
"db": "VULHUB",
"id": "VHN-136330"
},
{
"db": "VULMON",
"id": "CVE-2018-6298"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002846"
},
{
"db": "NVD",
"id": "CVE-2018-6298"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-387"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05233"
},
{
"date": "2018-03-13T00:00:00",
"db": "VULHUB",
"id": "VHN-136330"
},
{
"date": "2018-03-13T00:00:00",
"db": "VULMON",
"id": "CVE-2018-6298"
},
{
"date": "2018-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002846"
},
{
"date": "2018-03-13T17:29:00.543000",
"db": "NVD",
"id": "CVE-2018-6298"
},
{
"date": "2018-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-387"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05233"
},
{
"date": "2018-04-09T00:00:00",
"db": "VULHUB",
"id": "VHN-136330"
},
{
"date": "2018-04-09T00:00:00",
"db": "VULMON",
"id": "CVE-2018-6298"
},
{
"date": "2018-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002846"
},
{
"date": "2018-04-09T13:50:23.510000",
"db": "NVD",
"id": "CVE-2018-6298"
},
{
"date": "2018-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-387"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-387"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hanwha Techwin Smartcam Vulnerabilities related to input validation in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002846"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-387"
}
],
"trust": 0.6
}
}
VAR-201803-1774
Vulnerability from variot - Updated: 2023-12-18 12:36Buffer overflow in Hanwha Techwin Smartcams. Hanwha Techwin Smartcam Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HanwhaTechwinSmartcam is a series of security surveillance cameras based on cloud services. HanwhaTechwinSmartcam has a buffer overflow vulnerability that can be exploited by an attacker to cause a denial of service. Hanwha Techwin Smartcams is a cloud-based security monitoring device from Hanwha Korea
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-1774",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "snh-v6410pn",
"scope": "eq",
"trust": 1.6,
"vendor": "hanwha security",
"version": null
},
{
"model": "snh-v6410pnw",
"scope": "eq",
"trust": 1.6,
"vendor": "hanwha security",
"version": null
},
{
"model": "snh-v6410pn",
"scope": null,
"trust": 0.8,
"vendor": "hanwha techwin",
"version": null
},
{
"model": "snh-v6410pnw",
"scope": null,
"trust": 0.8,
"vendor": "hanwha techwin",
"version": null
},
{
"model": "techwin smartcams",
"scope": null,
"trust": 0.6,
"vendor": "hanwha",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05232"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002845"
},
{
"db": "NVD",
"id": "CVE-2018-6297"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-388"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hanwha-security:snh-v6410pn_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hanwha-security:snh-v6410pn:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hanwha-security:snh-v6410pnw_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hanwha-security:snh-v6410pnw:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6297"
}
]
},
"cve": "CVE-2018-6297",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-6297",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2018-05232",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-136329",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-6297",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-6297",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-05232",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-388",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-136329",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05232"
},
{
"db": "VULHUB",
"id": "VHN-136329"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002845"
},
{
"db": "NVD",
"id": "CVE-2018-6297"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-388"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in Hanwha Techwin Smartcams. Hanwha Techwin Smartcam Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HanwhaTechwinSmartcam is a series of security surveillance cameras based on cloud services. HanwhaTechwinSmartcam has a buffer overflow vulnerability that can be exploited by an attacker to cause a denial of service. Hanwha Techwin Smartcams is a cloud-based security monitoring device from Hanwha Korea",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6297"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002845"
},
{
"db": "CNVD",
"id": "CNVD-2018-05232"
},
{
"db": "VULHUB",
"id": "VHN-136329"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-6297",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002845",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-05232",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201803-388",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-136329",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05232"
},
{
"db": "VULHUB",
"id": "VHN-136329"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002845"
},
{
"db": "NVD",
"id": "CVE-2018-6297"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-388"
}
]
},
"id": "VAR-201803-1774",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05232"
},
{
"db": "VULHUB",
"id": "VHN-136329"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05232"
}
]
},
"last_update_date": "2023-12-18T12:36:54.215000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SNH-V6410PN/PNW",
"trust": 0.8,
"url": "https://www.hanwha-security.eu/home-security-products/snh-v6410pn/"
},
{
"title": "HanwhaTechwinSmartcam Buffer Overflow Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/121435"
},
{
"title": "Hanwha Techwin Smartcams Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79083"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05232"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002845"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-388"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136329"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002845"
},
{
"db": "NVD",
"id": "CVE-2018-6297"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6297"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6297"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05232"
},
{
"db": "VULHUB",
"id": "VHN-136329"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002845"
},
{
"db": "NVD",
"id": "CVE-2018-6297"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-388"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-05232"
},
{
"db": "VULHUB",
"id": "VHN-136329"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002845"
},
{
"db": "NVD",
"id": "CVE-2018-6297"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-388"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05232"
},
{
"date": "2018-03-13T00:00:00",
"db": "VULHUB",
"id": "VHN-136329"
},
{
"date": "2018-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002845"
},
{
"date": "2018-03-13T17:29:00.483000",
"db": "NVD",
"id": "CVE-2018-6297"
},
{
"date": "2018-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-388"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05232"
},
{
"date": "2018-04-09T00:00:00",
"db": "VULHUB",
"id": "VHN-136329"
},
{
"date": "2018-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002845"
},
{
"date": "2018-04-09T13:46:54.627000",
"db": "NVD",
"id": "CVE-2018-6297"
},
{
"date": "2018-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-388"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-388"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hanwha Techwin Smartcam Buffer error vulnerability in some firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002845"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-388"
}
],
"trust": 0.6
}
}
VAR-201803-1779
Vulnerability from variot - Updated: 2023-12-18 12:29Denial of service by blocking of new camera registration on the cloud server in Hanwha Techwin Smartcams. Hanwha Techwin Smartcam Vulnerabilities related to security functions exist in the firmware.Service operation interruption (DoS) There is a possibility of being put into a state. HanwhaTechwinSmartcam is a series of security surveillance cameras based on cloud services. There is a denial of service vulnerability in HanwhaTechwinSmartcam. Hanwha Techwin Smartcams is a cloud-based security monitoring device from Hanwha Korea. There is a security flaw in Hanwha Techwin Smartcams
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-1779",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "snh-v6410pn",
"scope": "eq",
"trust": 1.6,
"vendor": "hanwha security",
"version": null
},
{
"model": "snh-v6410pnw",
"scope": "eq",
"trust": 1.6,
"vendor": "hanwha security",
"version": null
},
{
"model": "snh-v6410pn",
"scope": null,
"trust": 0.8,
"vendor": "hanwha techwin",
"version": null
},
{
"model": "snh-v6410pnw",
"scope": null,
"trust": 0.8,
"vendor": "hanwha techwin",
"version": null
},
{
"model": "techwin smartcams",
"scope": null,
"trust": 0.6,
"vendor": "hanwha",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05237"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002850"
},
{
"db": "NVD",
"id": "CVE-2018-6302"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-383"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hanwha-security:snh-v6410pn_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hanwha-security:snh-v6410pn:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hanwha-security:snh-v6410pnw_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hanwha-security:snh-v6410pnw:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6302"
}
]
},
"cve": "CVE-2018-6302",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-6302",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-05237",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-136334",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-6302",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-6302",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-05237",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-383",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-136334",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-6302",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05237"
},
{
"db": "VULHUB",
"id": "VHN-136334"
},
{
"db": "VULMON",
"id": "CVE-2018-6302"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002850"
},
{
"db": "NVD",
"id": "CVE-2018-6302"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-383"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Denial of service by blocking of new camera registration on the cloud server in Hanwha Techwin Smartcams. Hanwha Techwin Smartcam Vulnerabilities related to security functions exist in the firmware.Service operation interruption (DoS) There is a possibility of being put into a state. HanwhaTechwinSmartcam is a series of security surveillance cameras based on cloud services. There is a denial of service vulnerability in HanwhaTechwinSmartcam. Hanwha Techwin Smartcams is a cloud-based security monitoring device from Hanwha Korea. There is a security flaw in Hanwha Techwin Smartcams",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6302"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002850"
},
{
"db": "CNVD",
"id": "CNVD-2018-05237"
},
{
"db": "VULHUB",
"id": "VHN-136334"
},
{
"db": "VULMON",
"id": "CVE-2018-6302"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-6302",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002850",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201803-383",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-05237",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-136334",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-6302",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05237"
},
{
"db": "VULHUB",
"id": "VHN-136334"
},
{
"db": "VULMON",
"id": "CVE-2018-6302"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002850"
},
{
"db": "NVD",
"id": "CVE-2018-6302"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-383"
}
]
},
"id": "VAR-201803-1779",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05237"
},
{
"db": "VULHUB",
"id": "VHN-136334"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05237"
}
]
},
"last_update_date": "2023-12-18T12:29:04.318000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SNH-V6410PN/PNW",
"trust": 0.8,
"url": "https://www.hanwha-security.eu/home-security-products/snh-v6410pn/"
},
{
"title": "Patch for HanwhaTechwinSmartcam Denial of Service Vulnerability (CNVD-2018-05237)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/121445"
},
{
"title": "Hanwha Techwin Smartcams Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79078"
},
{
"title": "Securelist",
"trust": 0.1,
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05237"
},
{
"db": "VULMON",
"id": "CVE-2018-6302"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002850"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-383"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-254",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136334"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002850"
},
{
"db": "NVD",
"id": "CVE-2018-6302"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6302"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6302"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05237"
},
{
"db": "VULHUB",
"id": "VHN-136334"
},
{
"db": "VULMON",
"id": "CVE-2018-6302"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002850"
},
{
"db": "NVD",
"id": "CVE-2018-6302"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-383"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-05237"
},
{
"db": "VULHUB",
"id": "VHN-136334"
},
{
"db": "VULMON",
"id": "CVE-2018-6302"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002850"
},
{
"db": "NVD",
"id": "CVE-2018-6302"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-383"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05237"
},
{
"date": "2018-03-13T00:00:00",
"db": "VULHUB",
"id": "VHN-136334"
},
{
"date": "2018-03-13T00:00:00",
"db": "VULMON",
"id": "CVE-2018-6302"
},
{
"date": "2018-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002850"
},
{
"date": "2018-03-13T17:29:00.747000",
"db": "NVD",
"id": "CVE-2018-6302"
},
{
"date": "2018-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-383"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05237"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-136334"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2018-6302"
},
{
"date": "2018-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002850"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-6302"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-383"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-383"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hanwha Techwin Smartcam Vulnerabilities related to security functions in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002850"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-383"
}
],
"trust": 0.6
}
}
CVE-2017-7912 (GCVE-0-2017-7912)
Vulnerability from cvelistv5 – Published: 2019-04-08 14:17 – Updated: 2024-08-05 16:19
VLAI
Summary
Hanwha Techwin SRN-4000, SRN-4000 firmware versions prior to SRN4000_v2.16_170401, A specially crafted http request and response could allow an attacker to gain access to the device management page with admin privileges without proper authentication.
Severity
No CVSS data available.
CWE
- CWE-284 - IMPROPER ACCESS CONTROL CWE-284
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-17-136-03 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hanwha Techwin | SRN-4000 |
Affected:
firmware versions prior to SRN4000_v2.16_170401
|
Date Public
2017-05-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:19:29.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-136-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SRN-4000",
"vendor": "Hanwha Techwin",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to SRN4000_v2.16_170401"
}
]
}
],
"datePublic": "2017-05-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Hanwha Techwin SRN-4000, SRN-4000 firmware versions prior to SRN4000_v2.16_170401, A specially crafted http request and response could allow an attacker to gain access to the device management page with admin privileges without proper authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "IMPROPER ACCESS CONTROL CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-08T14:17:09.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-136-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-7912",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SRN-4000",
"version": {
"version_data": [
{
"version_value": "firmware versions prior to SRN4000_v2.16_170401"
}
]
}
}
]
},
"vendor_name": "Hanwha Techwin"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Hanwha Techwin SRN-4000, SRN-4000 firmware versions prior to SRN4000_v2.16_170401, A specially crafted http request and response could allow an attacker to gain access to the device management page with admin privileges without proper authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER ACCESS CONTROL CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-136-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-136-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-7912",
"datePublished": "2019-04-08T14:17:09.000Z",
"dateReserved": "2017-04-18T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:19:29.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6296 (GCVE-0-2018-6296)
Vulnerability from cvelistv5 – Published: 2018-03-13 17:00 – Updated: 2024-09-17 00:11
VLAI
Summary
An undocumented (hidden) capability for switching the web interface in Hanwha Techwin Smartcams
Severity
No CVSS data available.
CWE
- An undocumented (hidden) capability for switching the web interface
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://securelist.com/somebodys-watching-when-ca… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hanwha Techwin | Hanwha Techwin Smartcams |
Affected:
7.55
|
Date Public
2018-03-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:48.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hanwha Techwin Smartcams",
"vendor": "Hanwha Techwin",
"versions": [
{
"status": "affected",
"version": "7.55"
}
]
}
],
"datePublic": "2018-03-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An undocumented (hidden) capability for switching the web interface in Hanwha Techwin Smartcams"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An undocumented (hidden) capability for switching the web interface",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-13T16:57:01.000Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2018-03-12T00:00:00",
"ID": "CVE-2018-6296",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hanwha Techwin Smartcams",
"version": {
"version_data": [
{
"version_value": "7.55"
}
]
}
}
]
},
"vendor_name": "Hanwha Techwin"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An undocumented (hidden) capability for switching the web interface in Hanwha Techwin Smartcams"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An undocumented (hidden) capability for switching the web interface"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/",
"refsource": "MISC",
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2018-6296",
"datePublished": "2018-03-13T17:00:00.000Z",
"dateReserved": "2018-01-25T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:11:58.807Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6294 (GCVE-0-2018-6294)
Vulnerability from cvelistv5 – Published: 2018-03-13 17:00 – Updated: 2024-09-17 02:06
VLAI
Summary
Unsecured way of firmware update in Hanwha Techwin Smartcams
Severity
No CVSS data available.
CWE
- Unsecured way of firmware update
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://securelist.com/somebodys-watching-when-ca… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hanwha Techwin | Hanwha Techwin Smartcams |
Affected:
7.55
|
Date Public
2018-03-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:48.347Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hanwha Techwin Smartcams",
"vendor": "Hanwha Techwin",
"versions": [
{
"status": "affected",
"version": "7.55"
}
]
}
],
"datePublic": "2018-03-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unsecured way of firmware update in Hanwha Techwin Smartcams"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unsecured way of firmware update",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-13T16:57:01.000Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2018-03-12T00:00:00",
"ID": "CVE-2018-6294",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hanwha Techwin Smartcams",
"version": {
"version_data": [
{
"version_value": "7.55"
}
]
}
}
]
},
"vendor_name": "Hanwha Techwin"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unsecured way of firmware update in Hanwha Techwin Smartcams"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unsecured way of firmware update"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/",
"refsource": "MISC",
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2018-6294",
"datePublished": "2018-03-13T17:00:00.000Z",
"dateReserved": "2018-01-25T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:06:14.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6295 (GCVE-0-2018-6295)
Vulnerability from cvelistv5 – Published: 2018-03-13 17:00 – Updated: 2024-09-16 16:37
VLAI
Summary
Unencrypted way of remote control and communications in Hanwha Techwin Smartcams
Severity
No CVSS data available.
CWE
- Unencrypted way of remote control and communications
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://securelist.com/somebodys-watching-when-ca… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hanwha Techwin | Hanwha Techwin Smartcams |
Affected:
7.55
|
Date Public
2018-03-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:48.319Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hanwha Techwin Smartcams",
"vendor": "Hanwha Techwin",
"versions": [
{
"status": "affected",
"version": "7.55"
}
]
}
],
"datePublic": "2018-03-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unencrypted way of remote control and communications in Hanwha Techwin Smartcams"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unencrypted way of remote control and communications",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-13T16:57:01.000Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2018-03-12T00:00:00",
"ID": "CVE-2018-6295",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hanwha Techwin Smartcams",
"version": {
"version_data": [
{
"version_value": "7.55"
}
]
}
}
]
},
"vendor_name": "Hanwha Techwin"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unencrypted way of remote control and communications in Hanwha Techwin Smartcams"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unencrypted way of remote control and communications"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/",
"refsource": "MISC",
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2018-6295",
"datePublished": "2018-03-13T17:00:00.000Z",
"dateReserved": "2018-01-25T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:37:40.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6299 (GCVE-0-2018-6299)
Vulnerability from cvelistv5 – Published: 2018-03-13 17:00 – Updated: 2024-09-16 20:17
VLAI
Summary
Authentication bypass in Hanwha Techwin Smartcams
Severity
No CVSS data available.
CWE
- Authentication bypass
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://securelist.com/somebodys-watching-when-ca… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hanwha Techwin | Hanwha Techwin Smartcams |
Affected:
7.55
|
Date Public
2018-03-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:48.689Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hanwha Techwin Smartcams",
"vendor": "Hanwha Techwin",
"versions": [
{
"status": "affected",
"version": "7.55"
}
]
}
],
"datePublic": "2018-03-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Authentication bypass in Hanwha Techwin Smartcams"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-13T16:57:01.000Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2018-03-12T00:00:00",
"ID": "CVE-2018-6299",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hanwha Techwin Smartcams",
"version": {
"version_data": [
{
"version_value": "7.55"
}
]
}
}
]
},
"vendor_name": "Hanwha Techwin"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authentication bypass in Hanwha Techwin Smartcams"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/",
"refsource": "MISC",
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2018-6299",
"datePublished": "2018-03-13T17:00:00.000Z",
"dateReserved": "2018-01-25T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:17:25.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6303 (GCVE-0-2018-6303)
Vulnerability from cvelistv5 – Published: 2018-03-13 17:00 – Updated: 2024-09-17 02:00
VLAI
Summary
Denial of service by uploading malformed firmware in Hanwha Techwin Smartcams
Severity
No CVSS data available.
CWE
- Denial of service by uploading malformed firmware
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://securelist.com/somebodys-watching-when-ca… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hanwha Techwin | Hanwha Techwin Smartcams |
Affected:
below 1.16_171212
|
Date Public
2018-03-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:48.750Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hanwha Techwin Smartcams",
"vendor": "Hanwha Techwin",
"versions": [
{
"status": "affected",
"version": "below 1.16_171212"
}
]
}
],
"datePublic": "2018-03-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Denial of service by uploading malformed firmware in Hanwha Techwin Smartcams"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service by uploading malformed firmware",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-13T16:57:01.000Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2018-03-12T00:00:00",
"ID": "CVE-2018-6303",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hanwha Techwin Smartcams",
"version": {
"version_data": [
{
"version_value": "below 1.16_171212"
}
]
}
}
]
},
"vendor_name": "Hanwha Techwin"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Denial of service by uploading malformed firmware in Hanwha Techwin Smartcams"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service by uploading malformed firmware"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/",
"refsource": "MISC",
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2018-6303",
"datePublished": "2018-03-13T17:00:00.000Z",
"dateReserved": "2018-01-25T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:00:37.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6300 (GCVE-0-2018-6300)
Vulnerability from cvelistv5 – Published: 2018-03-13 17:00 – Updated: 2024-09-17 04:05
VLAI
Summary
Remote password change in Hanwha Techwin Smartcams
Severity
No CVSS data available.
CWE
- Remote password change
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://securelist.com/somebodys-watching-when-ca… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hanwha Techwin | Hanwha Techwin Smartcams |
Affected:
7.55
|
Date Public
2018-03-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:48.327Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hanwha Techwin Smartcams",
"vendor": "Hanwha Techwin",
"versions": [
{
"status": "affected",
"version": "7.55"
}
]
}
],
"datePublic": "2018-03-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Remote password change in Hanwha Techwin Smartcams"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote password change",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-13T16:57:01.000Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2018-03-12T00:00:00",
"ID": "CVE-2018-6300",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hanwha Techwin Smartcams",
"version": {
"version_data": [
{
"version_value": "7.55"
}
]
}
}
]
},
"vendor_name": "Hanwha Techwin"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Remote password change in Hanwha Techwin Smartcams"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote password change"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/",
"refsource": "MISC",
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2018-6300",
"datePublished": "2018-03-13T17:00:00.000Z",
"dateReserved": "2018-01-25T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:05:14.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6301 (GCVE-0-2018-6301)
Vulnerability from cvelistv5 – Published: 2018-03-13 17:00 – Updated: 2024-09-17 01:30
VLAI
Summary
Arbitrary camera access and monitoring via cloud in Hanwha Techwin Smartcams
Severity
No CVSS data available.
CWE
- Arbitrary camera access and monitoring via cloud
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://securelist.com/somebodys-watching-when-ca… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hanwha Techwin | Hanwha Techwin Smartcams |
Affected:
7.55
|
Date Public
2018-03-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:48.667Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hanwha Techwin Smartcams",
"vendor": "Hanwha Techwin",
"versions": [
{
"status": "affected",
"version": "7.55"
}
]
}
],
"datePublic": "2018-03-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Arbitrary camera access and monitoring via cloud in Hanwha Techwin Smartcams"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary camera access and monitoring via cloud",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-13T16:57:01.000Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2018-03-12T00:00:00",
"ID": "CVE-2018-6301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hanwha Techwin Smartcams",
"version": {
"version_data": [
{
"version_value": "7.55"
}
]
}
}
]
},
"vendor_name": "Hanwha Techwin"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Arbitrary camera access and monitoring via cloud in Hanwha Techwin Smartcams"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary camera access and monitoring via cloud"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/",
"refsource": "MISC",
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2018-6301",
"datePublished": "2018-03-13T17:00:00.000Z",
"dateReserved": "2018-01-25T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:30:57.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7912 (GCVE-0-2017-7912)
Vulnerability from nvd – Published: 2019-04-08 14:17 – Updated: 2024-08-05 16:19
VLAI
Summary
Hanwha Techwin SRN-4000, SRN-4000 firmware versions prior to SRN4000_v2.16_170401, A specially crafted http request and response could allow an attacker to gain access to the device management page with admin privileges without proper authentication.
Severity
No CVSS data available.
CWE
- CWE-284 - IMPROPER ACCESS CONTROL CWE-284
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-17-136-03 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hanwha Techwin | SRN-4000 |
Affected:
firmware versions prior to SRN4000_v2.16_170401
|
Date Public
2017-05-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:19:29.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-136-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SRN-4000",
"vendor": "Hanwha Techwin",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to SRN4000_v2.16_170401"
}
]
}
],
"datePublic": "2017-05-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Hanwha Techwin SRN-4000, SRN-4000 firmware versions prior to SRN4000_v2.16_170401, A specially crafted http request and response could allow an attacker to gain access to the device management page with admin privileges without proper authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "IMPROPER ACCESS CONTROL CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-08T14:17:09.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-136-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-7912",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SRN-4000",
"version": {
"version_data": [
{
"version_value": "firmware versions prior to SRN4000_v2.16_170401"
}
]
}
}
]
},
"vendor_name": "Hanwha Techwin"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Hanwha Techwin SRN-4000, SRN-4000 firmware versions prior to SRN4000_v2.16_170401, A specially crafted http request and response could allow an attacker to gain access to the device management page with admin privileges without proper authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER ACCESS CONTROL CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-136-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-136-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-7912",
"datePublished": "2019-04-08T14:17:09.000Z",
"dateReserved": "2017-04-18T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:19:29.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6296 (GCVE-0-2018-6296)
Vulnerability from nvd – Published: 2018-03-13 17:00 – Updated: 2024-09-17 00:11
VLAI
Summary
An undocumented (hidden) capability for switching the web interface in Hanwha Techwin Smartcams
Severity
No CVSS data available.
CWE
- An undocumented (hidden) capability for switching the web interface
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://securelist.com/somebodys-watching-when-ca… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hanwha Techwin | Hanwha Techwin Smartcams |
Affected:
7.55
|
Date Public
2018-03-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:48.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hanwha Techwin Smartcams",
"vendor": "Hanwha Techwin",
"versions": [
{
"status": "affected",
"version": "7.55"
}
]
}
],
"datePublic": "2018-03-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An undocumented (hidden) capability for switching the web interface in Hanwha Techwin Smartcams"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An undocumented (hidden) capability for switching the web interface",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-13T16:57:01.000Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2018-03-12T00:00:00",
"ID": "CVE-2018-6296",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hanwha Techwin Smartcams",
"version": {
"version_data": [
{
"version_value": "7.55"
}
]
}
}
]
},
"vendor_name": "Hanwha Techwin"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An undocumented (hidden) capability for switching the web interface in Hanwha Techwin Smartcams"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An undocumented (hidden) capability for switching the web interface"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/",
"refsource": "MISC",
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2018-6296",
"datePublished": "2018-03-13T17:00:00.000Z",
"dateReserved": "2018-01-25T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:11:58.807Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6294 (GCVE-0-2018-6294)
Vulnerability from nvd – Published: 2018-03-13 17:00 – Updated: 2024-09-17 02:06
VLAI
Summary
Unsecured way of firmware update in Hanwha Techwin Smartcams
Severity
No CVSS data available.
CWE
- Unsecured way of firmware update
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://securelist.com/somebodys-watching-when-ca… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hanwha Techwin | Hanwha Techwin Smartcams |
Affected:
7.55
|
Date Public
2018-03-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:48.347Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hanwha Techwin Smartcams",
"vendor": "Hanwha Techwin",
"versions": [
{
"status": "affected",
"version": "7.55"
}
]
}
],
"datePublic": "2018-03-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unsecured way of firmware update in Hanwha Techwin Smartcams"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unsecured way of firmware update",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-13T16:57:01.000Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2018-03-12T00:00:00",
"ID": "CVE-2018-6294",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hanwha Techwin Smartcams",
"version": {
"version_data": [
{
"version_value": "7.55"
}
]
}
}
]
},
"vendor_name": "Hanwha Techwin"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unsecured way of firmware update in Hanwha Techwin Smartcams"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unsecured way of firmware update"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/",
"refsource": "MISC",
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2018-6294",
"datePublished": "2018-03-13T17:00:00.000Z",
"dateReserved": "2018-01-25T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:06:14.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6295 (GCVE-0-2018-6295)
Vulnerability from nvd – Published: 2018-03-13 17:00 – Updated: 2024-09-16 16:37
VLAI
Summary
Unencrypted way of remote control and communications in Hanwha Techwin Smartcams
Severity
No CVSS data available.
CWE
- Unencrypted way of remote control and communications
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://securelist.com/somebodys-watching-when-ca… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hanwha Techwin | Hanwha Techwin Smartcams |
Affected:
7.55
|
Date Public
2018-03-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:48.319Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hanwha Techwin Smartcams",
"vendor": "Hanwha Techwin",
"versions": [
{
"status": "affected",
"version": "7.55"
}
]
}
],
"datePublic": "2018-03-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unencrypted way of remote control and communications in Hanwha Techwin Smartcams"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unencrypted way of remote control and communications",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-13T16:57:01.000Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2018-03-12T00:00:00",
"ID": "CVE-2018-6295",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hanwha Techwin Smartcams",
"version": {
"version_data": [
{
"version_value": "7.55"
}
]
}
}
]
},
"vendor_name": "Hanwha Techwin"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unencrypted way of remote control and communications in Hanwha Techwin Smartcams"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unencrypted way of remote control and communications"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/",
"refsource": "MISC",
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2018-6295",
"datePublished": "2018-03-13T17:00:00.000Z",
"dateReserved": "2018-01-25T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:37:40.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6299 (GCVE-0-2018-6299)
Vulnerability from nvd – Published: 2018-03-13 17:00 – Updated: 2024-09-16 20:17
VLAI
Summary
Authentication bypass in Hanwha Techwin Smartcams
Severity
No CVSS data available.
CWE
- Authentication bypass
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://securelist.com/somebodys-watching-when-ca… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hanwha Techwin | Hanwha Techwin Smartcams |
Affected:
7.55
|
Date Public
2018-03-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:48.689Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hanwha Techwin Smartcams",
"vendor": "Hanwha Techwin",
"versions": [
{
"status": "affected",
"version": "7.55"
}
]
}
],
"datePublic": "2018-03-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Authentication bypass in Hanwha Techwin Smartcams"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-13T16:57:01.000Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2018-03-12T00:00:00",
"ID": "CVE-2018-6299",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hanwha Techwin Smartcams",
"version": {
"version_data": [
{
"version_value": "7.55"
}
]
}
}
]
},
"vendor_name": "Hanwha Techwin"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authentication bypass in Hanwha Techwin Smartcams"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/",
"refsource": "MISC",
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2018-6299",
"datePublished": "2018-03-13T17:00:00.000Z",
"dateReserved": "2018-01-25T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:17:25.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6303 (GCVE-0-2018-6303)
Vulnerability from nvd – Published: 2018-03-13 17:00 – Updated: 2024-09-17 02:00
VLAI
Summary
Denial of service by uploading malformed firmware in Hanwha Techwin Smartcams
Severity
No CVSS data available.
CWE
- Denial of service by uploading malformed firmware
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://securelist.com/somebodys-watching-when-ca… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hanwha Techwin | Hanwha Techwin Smartcams |
Affected:
below 1.16_171212
|
Date Public
2018-03-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:48.750Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hanwha Techwin Smartcams",
"vendor": "Hanwha Techwin",
"versions": [
{
"status": "affected",
"version": "below 1.16_171212"
}
]
}
],
"datePublic": "2018-03-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Denial of service by uploading malformed firmware in Hanwha Techwin Smartcams"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service by uploading malformed firmware",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-13T16:57:01.000Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2018-03-12T00:00:00",
"ID": "CVE-2018-6303",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hanwha Techwin Smartcams",
"version": {
"version_data": [
{
"version_value": "below 1.16_171212"
}
]
}
}
]
},
"vendor_name": "Hanwha Techwin"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Denial of service by uploading malformed firmware in Hanwha Techwin Smartcams"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service by uploading malformed firmware"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/",
"refsource": "MISC",
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2018-6303",
"datePublished": "2018-03-13T17:00:00.000Z",
"dateReserved": "2018-01-25T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:00:37.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6300 (GCVE-0-2018-6300)
Vulnerability from nvd – Published: 2018-03-13 17:00 – Updated: 2024-09-17 04:05
VLAI
Summary
Remote password change in Hanwha Techwin Smartcams
Severity
No CVSS data available.
CWE
- Remote password change
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://securelist.com/somebodys-watching-when-ca… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hanwha Techwin | Hanwha Techwin Smartcams |
Affected:
7.55
|
Date Public
2018-03-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:48.327Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hanwha Techwin Smartcams",
"vendor": "Hanwha Techwin",
"versions": [
{
"status": "affected",
"version": "7.55"
}
]
}
],
"datePublic": "2018-03-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Remote password change in Hanwha Techwin Smartcams"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote password change",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-13T16:57:01.000Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2018-03-12T00:00:00",
"ID": "CVE-2018-6300",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hanwha Techwin Smartcams",
"version": {
"version_data": [
{
"version_value": "7.55"
}
]
}
}
]
},
"vendor_name": "Hanwha Techwin"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Remote password change in Hanwha Techwin Smartcams"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote password change"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/",
"refsource": "MISC",
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2018-6300",
"datePublished": "2018-03-13T17:00:00.000Z",
"dateReserved": "2018-01-25T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:05:14.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6301 (GCVE-0-2018-6301)
Vulnerability from nvd – Published: 2018-03-13 17:00 – Updated: 2024-09-17 01:30
VLAI
Summary
Arbitrary camera access and monitoring via cloud in Hanwha Techwin Smartcams
Severity
No CVSS data available.
CWE
- Arbitrary camera access and monitoring via cloud
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://securelist.com/somebodys-watching-when-ca… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hanwha Techwin | Hanwha Techwin Smartcams |
Affected:
7.55
|
Date Public
2018-03-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:48.667Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hanwha Techwin Smartcams",
"vendor": "Hanwha Techwin",
"versions": [
{
"status": "affected",
"version": "7.55"
}
]
}
],
"datePublic": "2018-03-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Arbitrary camera access and monitoring via cloud in Hanwha Techwin Smartcams"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary camera access and monitoring via cloud",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-13T16:57:01.000Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2018-03-12T00:00:00",
"ID": "CVE-2018-6301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hanwha Techwin Smartcams",
"version": {
"version_data": [
{
"version_value": "7.55"
}
]
}
}
]
},
"vendor_name": "Hanwha Techwin"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Arbitrary camera access and monitoring via cloud in Hanwha Techwin Smartcams"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary camera access and monitoring via cloud"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/",
"refsource": "MISC",
"url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2018-6301",
"datePublished": "2018-03-13T17:00:00.000Z",
"dateReserved": "2018-01-25T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:30:57.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}