Strix
26.1K

CVE-2019-18230

HIGHCVSS 7.5/10EPSS 1.13%

Last modified

CVE-2019-18230 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Honeywell equIP and Performance series IP cameras, multiple versions, A vulnerability exists where the affected product allows unauthenticated access to audio streaming over HTTP.. EPSS estimates a 1.13% chance of exploitation in the next 30 days.

Description

Honeywell equIP and Performance series IP cameras, multiple versions, A vulnerability exists where the affected product allows unauthenticated access to audio streaming over HTTP.

Metrics

CVSS 3.1
7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Probability
1.13%

62.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
HoneywellH4d8pr1 Firmware< 1.000.hw01.3.20190820
HoneywellHfd5pr1 Firmware< 1.000.hw01.1.20190822
HoneywellHpw2p1 Firmware< 1.000.hw01.3.20190820
HoneywellHdzp304di Firmware< 1.000.hw10.5.20190812
HoneywellHdzp252di Firmware< 1.000.hw02.3.20181109
HoneywellHdz302din-S1 Firmware< 1.000.0041.20180530
HoneywellHdz302lik Firmware< 1.000.61.1.20180607
HoneywellHdz302liw Firmware< 1.000.61.1.20180607
HoneywellHfd6gr1 Firmware< 1.000.hw00.9.20180510
HoneywellHfd8gr1 Firmware< 1.000.hw00.9.20180510
HoneywellHm4l8gr1 Firmware< 1.000.hw02.8.20190813
HoneywellHmbl8gr1 Firmware< 1.000.hw02.8.20190813
HoneywellH2w2gr1 Firmware< 1.000.0000.18.20190409
HoneywellH3w2gr1 Firmware< 1.000.hw00.21.20190812
HoneywellH3w2gr1v Firmware< 1.000.0000.18.20190409
HoneywellH3w2gr2 Firmware< 1.000.hw00.21.20190812
HoneywellH3w4gr1 Firmware< 1.000.hw00.21.20190812
HoneywellH3w4gr1v Firmware< 1.000.0000.18.20190409
HoneywellH4d8gr1 Firmware< 2.420.hw00.9.20180510
HoneywellH4l2gr1 Firmware< 1.000.0000.18.20190423
HoneywellH4l2gr1v Firmware< 1.000.0000.18.20190423
HoneywellH4l6gr2 Firmware< 1.000.hw02.8.20190813
HoneywellH4lggr2 Firmware< 1.000.hw04.3.20190813
HoneywellH4w2gr1 Firmware< 1.000.hw00.21.20190812
HoneywellH4w2gr1v Firmware< 1.000.0000.18.20190409
HoneywellH4w2gr2 Firmware< 1.000.hw00.21.20190812
HoneywellH4w4gr1 Firmware< 1.000.hw00.21.20190812
HoneywellH4w4gr1v Firmware< 1.000.0000.18.20190409
HoneywellHbd8gr1 Firmware< 2.420.hw00.9.20180510
HoneywellHbl2gr1 Firmware< 2.420.hw01.33.20190812
HoneywellHbl2gr1v Firmware< 1.000.0000.18.20190423
HoneywellHbl6gr2 Firmware< 1.000.hw04.3.20190813
HoneywellHbl6gr2 Firmware< 1.000.hw02.8.20190813
HoneywellHbw2gr1 Firmware< 1.000.hw00.21.20190812
HoneywellHbw2gr1v Firmware< 1.000.0000.18.20190409
HoneywellHbw2gr3 Firmware< 1.000.hw00.21.20190812
HoneywellHbw2gr3v Firmware< 1.000.0000.18.20190409
HoneywellHbw4gr1 Firmware< 1.000.hw00.21.20190812
HoneywellHbw4gr1v Firmware< 1.000.0000.18.20190409
HoneywellHcd8g Firmware< 2.420.hw00.9.20180510
HoneywellHcl2g Firmware< 1.000.0000.18.20190423
HoneywellHcl2gv Firmware< 1.000.0000.18.20190423
HoneywellHcw2g Firmware< 1.000.hw00.21.20190812
HoneywellHcw2gv Firmware< 1.000.0000.18.20190409
HoneywellHcw4g Firmware< 1.000.hw00.21.20190812
HoneywellHdz302d Firmware< 1.000.0041.20180530
HoneywellHdz302de Firmware< 1.000.0041.20180530
HoneywellHdz302din Firmware< 1.000.0041.20180530
HoneywellHdz302din-C1 Firmware< 1.000.0041.20180530

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2019-18230?
Honeywell equIP and Performance series IP cameras, multiple versions, A vulnerability exists where the affected product allows unauthenticated access to audio streaming over HTTP.
How severe is CVE-2019-18230?
CVE-2019-18230 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 1.13% probability of exploitation in the next 30 days.
How do I fix CVE-2019-18230?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-18230?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST