Vulnerability CVE-2018-6301


Published: 2018-03-13

Description:
Arbitrary camera access and monitoring via cloud in Hanwha Techwin Smartcams

Type:

CWE-noinfo

Vendor: Hanwha-security
Product: Snh-v6410pn firmware 
Product: Snh-v6410pnw firmware 

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

 References:
https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/

Related CVE
CVE-2019-12223
An issue was discovered in NVR WebViewer on Hanwah Techwin SRN-472s 1.07_190502 devices, and other SRN-x devices before 2019-05-03. A system crash and reboot can be achieved by submitting a long username in excess of 117 characters. The username trig...
CVE-2018-6303
Denial of service by uploading malformed firmware in Hanwha Techwin Smartcams
CVE-2018-6302
Denial of service by blocking of new camera registration on the cloud server in Hanwha Techwin Smartcams
CVE-2018-6300
Remote password change in Hanwha Techwin Smartcams
CVE-2018-6299
Authentication bypass in Hanwha Techwin Smartcams
CVE-2018-6298
Remote code execution in Hanwha Techwin Smartcams
CVE-2018-6297
Buffer overflow in Hanwha Techwin Smartcams
CVE-2018-6296
An undocumented (hidden) capability for switching the web interface in Hanwha Techwin Smartcams

Copyright 2019, cxsecurity.com

 

Back to Top