CVE-2023-5037 — OS Command Injection in Ane-l6012r Firmware

CWE-78 — OS Command Injection3 documents3 sources

Severity

7.1HIGHNVD

EPSS

0.4%

top 36.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

183

Hanwhavision Ane-l6012r Firmware Hanwhavision Ane-l7012r Firmware Hanwhavision Ano-l6012r Firmware +180 more

Timeline

PublishedNov 13

Latest updateMay 22

Description

badmonkey, a Security Researcher has found a flaw that allows for a authenticated command injection on the camera. An attacker could inject malicious into request packets to execute command. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N

Affected Packages183 packages

▶NVDhanwhavision/qnb-8002_firmware< 1.41.17

▶NVDhanwhavision/qnd-6011_firmware< 1.41.16

▶NVDhanwhavision/qnd-6021_firmware< 1.41.16

▶NVDhanwhavision/qnd-8011_firmware< 1.42.01

▶NVDhanwhavision/qnd-8021_firmware< 1.42.01

🔴Vulnerability Details

CVEList

Authenticated Command Injection↗2023-11-13

▶

💬Community

Bugzilla

CVE-2023-52701 kernel: net: use a bounce buffer for copying skb->mark↗2024-05-22

▶