CVE-2019-12223
Severity CVSS v4.0:
Pending analysis
Type:
CWE-119
Buffer Errors
Publication date:
05/09/2019
Last modified:
07/11/2023
Description
An issue was discovered in NVR WebViewer on Hanwah Techwin SRN-472s 1.07_190502 devices, and other SRN-x devices before 2019-05-03. A system crash and reboot can be achieved by submitting a long username in excess of 117 characters. The username triggers a buffer overflow in the main process controlling operation of the DVR system, rendering services unavailable during the reboot operation. A repeated attack affects availability as long as the attacker has network access to the device.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Base Score 2.0
7.80
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:hanwha-security:srn-472s_firmware:1.07_190502:*:*:*:*:*:*:* | ||
| cpe:2.3:h:hanwha-security:srn-472s:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:hanwha-security:srn-873s_firmware:*:*:*:*:*:*:*:* | 2019-05-03 (excluding) | |
| cpe:2.3:h:hanwha-security:srn-873s:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:hanwha-security:srn-1673s_firmware:*:*:*:*:*:*:*:* | 2019-05-03 (excluding) | |
| cpe:2.3:h:hanwha-security:srn-1673s:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page