CVE-2017-7912
published 2019-04-08CVE-2017-7912: Hanwha Techwin SRN-4000, SRN-4000 firmware versions prior to SRN4000_v2.16_170401, A specially crafted http request and response could allow an attacker to…
PriorityP262critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
4.77%
90.8th percentile
Hanwha Techwin SRN-4000, SRN-4000 firmware versions prior to SRN4000_v2.16_170401, A specially crafted http request and response could allow an attacker to gain access to the device management page with admin privileges without proper authentication.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hanwha_techwin | srn-4000 | — | — |
| hanwhasecurity | srn-4000_firmware | < 2.16_170401 | 2.16_170401 |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerability is triggered via a specially crafted HTTP request and response to gain access to the device management page with admin privileges without authentication — monitor for unauthenticated HTTP requests to the SRN-4000 web management portal that result in admin-level session establishment. ↗
- →The attack is remotely exploitable with low skill level required, requires no privileges and no user interaction (CVSS vector AV:N/AC:L/PR:N/UI:N) — any unauthenticated inbound HTTP traffic to the SRN-4000 management interface should be treated as suspicious. ↗
- →Successful exploitation grants remote access to the web management portal with admin privileges — alert on admin-privileged sessions on the SRN-4000 web portal that were not preceded by a valid authentication sequence. ↗
- ·Only Hanwha Techwin SRN-4000 devices running firmware versions prior to SRN4000_v2.16_170401 are affected; patched devices running SRN4000_v2.16_170401 or newer are not vulnerable. ↗
- ·No known public exploits specifically target this vulnerability at the time of advisory publication, limiting the ability to create signature-based detections from known exploit code. ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-pgcw-hp94-qc6c: Hanwha Techwin SRN-4000, SRN-4000 firmware versions prior to SRN4000_v2
ghsa_unreviewed·2022-05-13
CVE-2017-7912 [CRITICAL] CWE-287 GHSA-pgcw-hp94-qc6c: Hanwha Techwin SRN-4000, SRN-4000 firmware versions prior to SRN4000_v2
Hanwha Techwin SRN-4000, SRN-4000 firmware versions prior to SRN4000_v2.16_170401, A specially crafted http request and response could allow an attacker to gain access to the device management page with admin privileges without proper authentication.
CISA ICS
Hanwha Techwin SRN-4000
cisa_ics·2017-05-16
Hanwha Techwin SRN-4000
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Hanwha Techwin SRN-4000
Last RevisedMay 16, 2017
Alert CodeICSA-17-136-03
## CVSS v3 9.8
ATTENTION: Remotely exploitable/low skill level to exploit
Vendor: Hanwha Techwin
Equipment: SRN-4000
Vulnerability: Unauthenticated Access
## AFFECTED PRODUCTS
The following versions of SRN-4000, a network video management platform, are affected:
- SRN-4000 firmware versions prior to SRN4000_v2.16_170401.
## IMPACT
Successful exploitation of this vulnerability could allow the attacker remote access to the web management portal with admin privileges without authentication.
## MITIGA
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2019-04-08
Published