cbcvebase.
CVE-2017-7912
published 2019-04-08

CVE-2017-7912: Hanwha Techwin SRN-4000, SRN-4000 firmware versions prior to SRN4000_v2.16_170401, A specially crafted http request and response could allow an attacker to…

PriorityP262critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
4.77%
90.8th percentile
Hanwha Techwin SRN-4000, SRN-4000 firmware versions prior to SRN4000_v2.16_170401, A specially crafted http request and response could allow an attacker to gain access to the device management page with admin privileges without proper authentication.

Affected

2 ranges
VendorProductVersion rangeFixed in
hanwha_techwinsrn-4000
hanwhasecuritysrn-4000_firmware< 2.16_1704012.16_170401

Detection & IOCsextracted from sources · hover to see the quote

  • Vulnerability is triggered via a specially crafted HTTP request and response to gain access to the device management page with admin privileges without authentication — monitor for unauthenticated HTTP requests to the SRN-4000 web management portal that result in admin-level session establishment.
  • The attack is remotely exploitable with low skill level required, requires no privileges and no user interaction (CVSS vector AV:N/AC:L/PR:N/UI:N) — any unauthenticated inbound HTTP traffic to the SRN-4000 management interface should be treated as suspicious.
  • Successful exploitation grants remote access to the web management portal with admin privileges — alert on admin-privileged sessions on the SRN-4000 web portal that were not preceded by a valid authentication sequence.
  • ·Only Hanwha Techwin SRN-4000 devices running firmware versions prior to SRN4000_v2.16_170401 are affected; patched devices running SRN4000_v2.16_170401 or newer are not vulnerable.
  • ·No known public exploits specifically target this vulnerability at the time of advisory publication, limiting the ability to create signature-based detections from known exploit code.

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.