Strix
26.1K

CVE-2023-5038

HIGHCVSS 8.7/10EPSS 0.42%

Last modified

CVE-2023-5038 is a high-severity vulnerability rated 8.7/10 on the CVSS scale. badmonkey, a Security Researcher has found a flaw that allows for a unauthenticated DoS attack on the camera. An attacker runs a crafted URL, nobody can access the web management page of the camera. EPSS estimates a 0.42% chance of exploitation in the next 30 days.

Description

badmonkey, a Security Researcher has found a flaw that allows for a unauthenticated DoS attack on the camera. An attacker runs a crafted URL, nobody can access the web management page of the camera. and must manually restart the device or re-power it. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.

Metrics

CVSS 3.1
7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS 4.0
8.7/10

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability
0.42%

33.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
HanwhavisionAno-L6012r Firmware< 1.41.16
HanwhavisionAno-L6022r Firmware< 1.41.16
HanwhavisionAnv-L6012r Firmware< 1.41.16
HanwhavisionAno-L6082r Firmware< 1.41.16
HanwhavisionAne-L6012r Firmware< 1.41.16
HanwhavisionAnv-L6082r Firmware< 1.41.16
HanwhavisionAno-L7082r Firmware< 1.41.16
HanwhavisionAne-L7012r Firmware< 1.41.16
HanwhavisionAnv-L7082r Firmware< 1.41.16
HanwhavisionAno-L7012r Firmware< 1.41.16
HanwhavisionAno-L7022r Firmware< 1.41.16
HanwhavisionAnv-L7012r Firmware< 1.41.16
HanwhavisionPnm-C9022rv Firmware< 2.22.02
HanwhavisionPnm-9000qb Firmware< 2.22.01
HanwhavisionPnm-7002vd Firmware< 2.22.02
HanwhavisionPnm-8082vt Firmware< 2.22.00
HanwhavisionPnm-9002vq Firmware< 2.22.02
HanwhavisionPnm-9022v Firmware< 2.22.00
HanwhavisionPnm-9031rv Firmware< 2.22.01
HanwhavisionPnm-9084qz Firmware< 2.22.02
HanwhavisionPnm-9084rqz Firmware< 2.22.02
HanwhavisionPnm-9085rqz Firmware< 2.22.02
HanwhavisionPnm-9084qz1 Firmware< 2.22.02
HanwhavisionPnm-9084rqz1 Firmware< 2.22.02
HanwhavisionPnm-9085rqz1 Firmware< 2.22.02
HanwhavisionPnm-9322vqp Firmware< 2.22.02
HanwhavisionPnm-7082rvd Firmware< 2.22.02
HanwhavisionPnm-12082rvd Firmware< 2.22.02
HanwhavisionLno-6072r Firmware< 1.41.13
HanwhavisionLnd-6012r Firmware< 1.41.13
HanwhavisionLno-6032r Firmware< 1.41.13
HanwhavisionLnv-6032r Firmware< 1.41.13
HanwhavisionLnd-6022r Firmware< 1.41.13
HanwhavisionLnd-6072r Firmware< 1.41.13
HanwhavisionLno-6022r Firmware< 1.41.13
HanwhavisionLnv-6012r Firmware< 1.41.13
HanwhavisionLnv-6072r Firmware< 1.41.13
HanwhavisionLnd-6032r Firmware< 1.41.13
HanwhavisionLnv-6022r Firmware< 1.41.13
HanwhavisionLno-6012r Firmware< 1.41.13
HanwhavisionQnd-6011 Firmware< 1.41.16
HanwhavisionQnd-6012r Firmware< 1.41.16
HanwhavisionQnd-6021 Firmware< 1.41.16
HanwhavisionQnd-6022r Firmware< 1.41.16
HanwhavisionQnd-6032r Firmware< 1.41.16
HanwhavisionQnd-6072r Firmware< 1.41.16
HanwhavisionQnd-6073r Firmware< 1.41.16
HanwhavisionQnd-6082r Firmware< 1.41.16
HanwhavisionQnd-6083r Firmware< 1.41.16
HanwhavisionQno-6012r Firmware< 1.41.16

Showing 50 of 183 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2023-5038?
badmonkey, a Security Researcher has found a flaw that allows for a unauthenticated DoS attack on the camera. An attacker runs a crafted URL, nobody can access the web management page of the camera. and must manually restart the device or re-power it. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
How severe is CVE-2023-5038?
CVE-2023-5038 has a CVSS score of 8.7/10 (HIGH severity). The EPSS model estimates a 0.42% probability of exploitation in the next 30 days.
How do I fix CVE-2023-5038?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-5038?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST