Lucene search

Fc9afe74-3f80-4fb7-a313-e6f036a89882CVE-2023-6096

HistoryApr 26, 2024 - 8:15 a.m.

CVE-2023-6096

2024-04-2608:15:11

CWE-668

fc9afe74-3f80-4fb7-a313-e6f036a89882

web.nvd.nist.gov

cve-2023-6096

security researcher

encryption

flaw

manufacturer report

patch firmware

7.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Vladimir Kononovich, a Security Researcher has found a flaw that using a inappropriate encryption logic on the DVR. firmware encryption is broken and allows to decrypt. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer’s report for details and workarounds.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HRX-1620",
    "vendor": "Hanwha Vision Co., Ltd.",
    "versions": [
      {
        "status": "affected",
        "version": "3.05.62 and prior versions"
      }
    ]
  }
]

References

www.hanwhavision.com/wp-content/uploads/2024/04/NVR-DVR-Vulnerability-Report-CVE-2023-6095-6096.pdf

7.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2023-6096