CVE-2023-5747

Bashis, a Security Researcher at IPVM has found a flaw that allows for a remote code execution during the installation of Wave on the camera device. The Wave server application in camera device was vulnerable to command injection allowing an attacker to run arbitrary code. HanwhaVision has released patched firmware for the highlighted flaw. Please refer to the hanwhavision security report for more information and solution."

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.hanwhavision.com/wp-content/uploads/2023/11/Camera-Vulnerability-Report-CVE-2023-5747_20231113.pdf	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:hanwhavision:wave_server_software::::::::
	cpe:2.3:o:hanwhavision:pno-a6081r-e1t_firmware:2.21.02:::::::*

cpe:2.3:h:hanwhavision:pno-a6081r-e1t:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:a:hanwhavision:wave_server_software::::::::
	cpe:2.3:o:hanwhavision:pno-a6081r-e2t_firmware:2.21.02:::::::*

cpe:2.3:h:hanwhavision:pno-a6081r-e2t:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-11-13 08:15

Updated : 2023-11-17 13:51

NVD link : CVE-2023-5747

Mitre link : CVE-2023-5747

CVE.ORG link : CVE-2023-5747

JSON object : View

Products Affected

hanwhavision

pno-a6081r-e1t
pno-a6081r-e2t_firmware
pno-a6081r-e1t_firmware
pno-a6081r-e2t
wave_server_software

CWE

CWE-347

Improper Verification of Cryptographic Signature

CWE-345

Insufficient Verification of Data Authenticity

{"id": "CVE-2023-5747", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "fc9afe74-3f80-4fb7-a313-e6f036a89882", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2023-11-13T08:15:26.530", "references": [{"url": "https://www.hanwhavision.com/wp-content/uploads/2023/11/Camera-Vulnerability-Report-CVE-2023-5747_20231113.pdf", "tags": ["Third Party Advisory"], "source": "fc9afe74-3f80-4fb7-a313-e6f036a89882"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-347"}]}, {"type": "Secondary", "source": "fc9afe74-3f80-4fb7-a313-e6f036a89882", "description": [{"lang": "en", "value": "CWE-345"}, {"lang": "en", "value": "CWE-347"}]}], "descriptions": [{"lang": "en", "value": "Bashis, a Security Researcher at IPVM has found a flaw that allows for a remote code execution during the installation of Wave on the camera device. The Wave server application in camera device was vulnerable to command injection allowing an attacker to run arbitrary code. HanwhaVision has released patched firmware for the highlighted flaw. Please refer to the hanwhavision security report for more information and solution.\""}, {"lang": "es", "value": "Bashis, es un Security Researcher at IPVM, encontr\u00f3 una falla que permite la ejecuci\u00f3n remota de c\u00f3digo durante la instalaci\u00f3n de Wave en el dispositivo de la c\u00e1mara. La aplicaci\u00f3n del servidor Wave en el dispositivo de la c\u00e1mara era vulnerable a la inyecci\u00f3n de comandos, lo que permit\u00eda a un atacante ejecutar c\u00f3digo arbitrario. HanwhaVision ha lanzado un firmware parcheado para la falla resaltada. Consulte el informe de seguridad de hanwhavision para obtener m\u00e1s informaci\u00f3n y soluciones\"."}], "lastModified": "2023-11-17T13:51:04.113", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hanwhavision:wave_server_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "083DB67F-A636-4CC4-A731-8979EAA28E56", "versionEndExcluding": "5.1.1.37647"}, {"criteria": "cpe:2.3:o:hanwhavision:pno-a6081r-e1t_firmware:2.21.02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90E127EA-B3E5-45CF-8087-EFBC66708548"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hanwhavision:pno-a6081r-e1t:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9D4A33CA-1CAA-4BC2-8B6A-E5AFDA5E19B5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hanwhavision:wave_server_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "083DB67F-A636-4CC4-A731-8979EAA28E56", "versionEndExcluding": "5.1.1.37647"}, {"criteria": "cpe:2.3:o:hanwhavision:pno-a6081r-e2t_firmware:2.21.02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3371638-F23E-4FA3-B0A4-44EF3426A056"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hanwhavision:pno-a6081r-e2t:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E0561EB6-5030-4BED-A531-236A2BB8AB43"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "fc9afe74-3f80-4fb7-a313-e6f036a89882"}