CVE-2023-5038 — Uncaught Exception in Ane-l6012r Firmware

CWE-248 — Uncaught Exception CWE-703 — Improper Check or Handling of Exceptional Conditions3 documents3 sources

Severity

8.7HIGHNVD

EPSS

0.4%

top 39.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

183

Hanwhavision Ane-l6012r Firmware Hanwhavision Ane-l7012r Firmware Hanwhavision Ano-l6012r Firmware +180 more

Timeline

PublishedJun 25

Description

badmonkey, a Security Researcher has found a flaw that allows for a unauthenticated DoS attack on the camera. An attacker runs a crafted URL, nobody can access the web management page of the camera. and must manually restart the device or re-power it. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages183 packages

▶NVDhanwhavision/qnb-8002_firmware< 1.41.17

▶NVDhanwhavision/qnd-6011_firmware< 1.41.16

▶NVDhanwhavision/qnd-6021_firmware< 1.41.16

▶NVDhanwhavision/qnd-8011_firmware< 1.42.01

▶NVDhanwhavision/qnd-8021_firmware< 1.42.01

🔴Vulnerability Details

CVEList

Unauthenticated DoS↗2024-06-25

▶

GHSA

GHSA-95c3-qh99-cvf2: badmonkey, a Security Researcher has found a flaw that allows for a unauthenticated DoS attack on the camera↗2024-06-25

▶