Strix
26.1K

CVE-2023-5037

HIGHCVSS 7.1/10EPSS 1.51%

Last modified

CVE-2023-5037 is a high-severity vulnerability rated 7.1/10 on the CVSS scale. badmonkey, a Security Researcher has found a flaw that allows for a authenticated command injection on the camera. An attacker could inject malicious into request packets to execute command. EPSS estimates a 1.51% chance of exploitation in the next 30 days.

Description

badmonkey, a Security Researcher has found a flaw that allows for a authenticated command injection on the camera. An attacker could inject malicious into request packets to execute command. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.

Metrics

CVSS 3.1
7.2/10

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS 4.0
7.1/10

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability
1.51%

71.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
HanwhavisionAno-L6012r Firmware< 1.41.16
HanwhavisionAno-L6022r Firmware< 1.41.16
HanwhavisionAnv-L6012r Firmware< 1.41.16
HanwhavisionAno-L6082r Firmware< 1.41.16
HanwhavisionAne-L6012r Firmware< 1.41.16
HanwhavisionAnv-L6082r Firmware< 1.41.16
HanwhavisionAno-L7082r Firmware< 1.41.16
HanwhavisionAne-L7012r Firmware< 1.41.16
HanwhavisionAnv-L7082r Firmware< 1.41.16
HanwhavisionAno-L7012r Firmware< 1.41.16
HanwhavisionAno-L7022r Firmware< 1.41.16
HanwhavisionAnv-L7012r Firmware< 1.41.16
HanwhavisionPnm-C9022rv Firmware< 2.22.02
HanwhavisionPnm-9000qb Firmware< 2.22.01
HanwhavisionPnm-7002vd Firmware< 2.22.02
HanwhavisionPnm-8082vt Firmware< 2.22.00
HanwhavisionPnm-9002vq Firmware< 2.22.02
HanwhavisionPnm-9022v Firmware< 2.22.00
HanwhavisionPnm-9031rv Firmware< 2.22.01
HanwhavisionPnm-9084qz Firmware< 2.22.02
HanwhavisionPnm-9084rqz Firmware< 2.22.02
HanwhavisionPnm-9085rqz Firmware< 2.22.02
HanwhavisionPnm-9084qz1 Firmware< 2.22.02
HanwhavisionPnm-9084rqz1 Firmware< 2.22.02
HanwhavisionPnm-9085rqz1 Firmware< 2.22.02
HanwhavisionPnm-9322vqp Firmware< 2.22.02
HanwhavisionPnm-7082rvd Firmware< 2.22.02
HanwhavisionPnm-12082rvd Firmware< 2.22.02
HanwhavisionLno-6072r Firmware< 1.41.13
HanwhavisionLnd-6012r Firmware< 1.41.13
HanwhavisionLno-6032r Firmware< 1.41.13
HanwhavisionLnv-6032r Firmware< 1.41.13
HanwhavisionLnd-6022r Firmware< 1.41.13
HanwhavisionLnd-6072r Firmware< 1.41.13
HanwhavisionLno-6022r Firmware< 1.41.13
HanwhavisionLnv-6012r Firmware< 1.41.13
HanwhavisionLnv-6072r Firmware< 1.41.13
HanwhavisionLnd-6032r Firmware< 1.41.13
HanwhavisionLnv-6022r Firmware< 1.41.13
HanwhavisionLno-6012r Firmware< 1.41.13
HanwhavisionQnd-6011 Firmware< 1.41.16
HanwhavisionQnd-6012r Firmware< 1.41.16
HanwhavisionQnd-6021 Firmware< 1.41.16
HanwhavisionQnd-6022r Firmware< 1.41.16
HanwhavisionQnd-6032r Firmware< 1.41.16
HanwhavisionQnd-6072r Firmware< 1.41.16
HanwhavisionQnd-6073r Firmware< 1.41.16
HanwhavisionQnd-6082r Firmware< 1.41.16
HanwhavisionQnd-6083r Firmware< 1.41.16
HanwhavisionQno-6012r Firmware< 1.41.16

Showing 50 of 183 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2023-5037?
badmonkey, a Security Researcher has found a flaw that allows for a authenticated command injection on the camera. An attacker could inject malicious into request packets to execute command. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
How severe is CVE-2023-5037?
CVE-2023-5037 has a CVSS score of 7.1/10 (HIGH severity). The EPSS model estimates a 1.51% probability of exploitation in the next 30 days.
How do I fix CVE-2023-5037?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-5037?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST