CVSS2: 7.6 High (AV:N/AC:H/Au:N/C:C/I:C/A:C)
  Attack Vector: Network; Attack Complexity: High; Authentication: None;
  Confidentiality / Integrity / Availability Impact: Complete
CVSS3: 8.3 High (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
  Attack Vector: Network; Attack Complexity: High; Privileges Required: None; User Interaction: Required;
  Scope: Changed; Confidentiality / Integrity / Availability Impact: High
AI Score: 7.1 High (Confidence: Low)
EPSS: 0.003 Low (Percentile: 69.6%)
ThroughTek’s Kalay Platform 2.0 network allows an attacker to impersonate an arbitrary ThroughTek (TUTK) device given a valid 20-byte uniquely assigned identifier (UID). This could result in an attacker hijacking a victim’s connection and forcing them into supplying credentials needed to access the victim TUTK device.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
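The description above gives the shape of the flaw: a 20-byte UID is both the device's name and the only thing needed to stand in for that device, so anyone who learns a UID can take over the victim's connection and collect the credentials the victim then types in. The Python below is an added illustration, not ThroughTek's code or protocol, of that class of weakness and of why the advisory's "authkey" mitigation closes it: a rendezvous directory that accepts registration by UID alone is hijackable by a party that knows only the UID, while one that demands an HMAC proof keyed with a per-device secret is not. The directory API, message layout, HMAC construction, endpoints and UID value are all assumptions of this example; the session transport (the DTLS half of the mitigation) is not modelled.

```python
"""Constructed model of a P2P rendezvous directory (NOT ThroughTek's protocol).

A device registers "UID -> where to reach me"; a client later looks the UID up
and connects there, then authenticates.  If registration needs nothing but the
UID, the UID is a bearer credential.  All names and formats are assumptions.
"""
import hashlib
import hmac
import secrets

UID_LEN = 20  # the advisory describes UIDs as 20-byte identifiers


class NaiveDirectory:
    """Vulnerable model: whoever presents a UID becomes 'the device' with that UID."""

    def __init__(self):
        self.endpoints = {}

    def register(self, uid: bytes, endpoint: str) -> bool:
        if len(uid) != UID_LEN:
            return False
        self.endpoints[uid] = endpoint  # last writer wins; no proof of possession
        return True

    def lookup(self, uid: bytes):
        return self.endpoints.get(uid)


class AuthkeyDirectory:
    """Hardened model: registration must carry an HMAC over a fresh server nonce,
    the UID and the endpoint, keyed with a per-device secret provisioned out of band."""

    def __init__(self):
        self.device_keys = {}
        self.endpoints = {}
        self.pending = {}

    def provision(self, uid: bytes, key: bytes) -> None:
        self.device_keys[uid] = key

    def challenge(self, uid: bytes) -> bytes:
        nonce = secrets.token_bytes(16)
        self.pending[uid] = nonce
        return nonce

    @staticmethod
    def proof(key: bytes, nonce: bytes, uid: bytes, endpoint: str) -> bytes:
        # Binding the endpoint into the MAC stops a captured tag being re-pointed.
        return hmac.new(key, nonce + uid + endpoint.encode(), hashlib.sha256).digest()

    def register(self, uid: bytes, endpoint: str, tag: bytes) -> bool:
        nonce = self.pending.pop(uid, None)  # single use: a replay finds no nonce
        key = self.device_keys.get(uid)
        if nonce is None or key is None or len(uid) != UID_LEN:
            return False
        if not hmac.compare_digest(self.proof(key, nonce, uid, endpoint), tag):
            return False
        self.endpoints[uid] = endpoint
        return True

    def lookup(self, uid: bytes):
        return self.endpoints.get(uid)


def simulate() -> dict:
    """Run the same hijack attempt against both directories; report where a client ends up."""
    uid = b"ABCDEFGHIJKLMNOPQRST"  # constructed 20-byte UID, not a real device
    device_ep, attacker_ep = "device:10.0.0.5:9000", "attacker:203.0.113.9:9000"

    naive = NaiveDirectory()
    naive.register(uid, device_ep)
    naive.register(uid, attacker_ep)  # attacker needs nothing but the UID
    naive_result = naive.lookup(uid)  # client is now sent to the attacker

    hard = AuthkeyDirectory()
    key = secrets.token_bytes(32)  # shared by device and server, unknown to attacker
    hard.provision(uid, key)
    n1 = hard.challenge(uid)
    hard.register(uid, device_ep, AuthkeyDirectory.proof(key, n1, uid, device_ep))
    # 1) attacker knows the UID but not the key: forged tag is rejected
    n2 = hard.challenge(uid)
    attacker_ok = hard.register(uid, attacker_ep, AuthkeyDirectory.proof(b"guess", n2, uid, attacker_ep))
    # 2) attacker captures a genuine tag and submits it with its own endpoint
    n3 = hard.challenge(uid)
    genuine_tag = AuthkeyDirectory.proof(key, n3, uid, device_ep)
    replay_ok = hard.register(uid, attacker_ep, genuine_tag)
    return {
        "naive_client_reaches": naive_result,
        "authkey_client_reaches": hard.lookup(uid),
        "attacker_registered": attacker_ok,
        "replay_registered": replay_ok,
    }


if __name__ == "__main__":
    print(simulate())
```

The naive directory sends the client to the attacker's endpoint, which is exactly the position from which the attacker can prompt for and harvest the device credentials. The keyed challenge-response makes knowledge of the UID insufficient; the advisory pairs that with DTLS so that the traffic after rendezvous is also authenticated and encrypted, which this model does not cover.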
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(502278);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/28");
script_cve_id("CVE-2021-28372");
script_name(english:"ThroughTek Kalay P2P SDK Improper Access Control (CVE-2021-28372)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"ThroughTek's Kalay Platform 2.0 network allows an attacker to impersonate an arbitrary
ThroughTek (TUTK) device given a valid 20-byte uniquely assigned identifier (UID). This could
result in an attacker hijacking a victim's connection and forcing them into supplying credentials
needed to access the victim TUTK device.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
# https://www.hanwhavision.com/wp-content/uploads/2021/10/NVR-Vulnerability-Report-210909-1.pdf
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b9e1ef0c");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-21-229-01");
script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
ThroughTek recommends original equipment manufacturers to implement the following mitigations:
- If SDK is Version 3.1.10 and above, enable authkey and DTLS.
- If SDK is any version prior to 3.1.10, upgrade library to v3.3.1.0 or v3.4.2.0 and enable authkey/DTLS.
ThroughTek recommends device users to avoid accessing their devices from untrusted networks.
Additional information can be found in the ThroughTek advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-28372");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/08/17");
script_set_attribute(attribute:"patch_publication_date", value:"2021/08/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/06/26");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:xrn-2010a_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:xrn-2011a_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:xrn-3010a_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:xrn-1610a_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:xrn-1610sa_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:lrn-410s_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:lrn-810s_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:lrn-1610s_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:xrn-810s_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:xrn-410s_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:qrn-810_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:qrn-410_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:xrn-420s_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:qrn-430s_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:qrn-1610s_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:qrn-810s_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:qrn-410s_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:qrn-420s_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:qrn-820s_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:hrx-1621_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:hrx-1620_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:hrx-821_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:hrx-820_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:hrx-421_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:hrx-420_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:hrx-1632_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:hrx-835_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:hrx-435_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:hrx-434_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:prn-3210b2_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:prn-1610b2_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:prn-3200b2_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:prn-1600b2_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:prn-3205b2_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:prn-1605b2_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:prn-6410db4_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:prn-6410b4_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:prn-3210b4_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:prn-6400db4_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:prn-6400b4_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:prn-3200b4_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:prn-6405db4_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:prn-6405b4_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:prn-3205b4_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:xrn-6410db4_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:xrn-6410b4_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:xrn-3210b4_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:xrn-6410rb2_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:xrn-6410b2_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:xrn-3210rb2_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:xrn-3210b2_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:xrn-1620b2_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:xrn-1620sb1_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:xrn-820s_firmware");
script_set_attribute(attribute:"generated_plugin", value:"former");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/HanwhaVision");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/HanwhaVision');
var asset = tenable_ot::assets::get(vendor:'HanwhaVision');
var vuln_cpes = {
"cpe:/o:hanwhavision:xrn-2010a_firmware" :
{"versionEndIncluding" : "2.46", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:xrn-2011a_firmware" :
{"versionEndIncluding" : "2.46", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:xrn-3010a_firmware" :
{"versionEndIncluding" : "2.46", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:xrn-1610a_firmware" :
{"versionEndIncluding" : "2.48", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:xrn-1610sa_firmware" :
{"versionEndIncluding" : "2.48", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:lrn-410s_firmware" :
{"versionEndIncluding" : "3.06.12", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:lrn-810s_firmware" :
{"versionEndIncluding" : "3.06.12", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:xrn-810s_firmware" :
{"versionEndIncluding" : "2.46", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:xrn-410s_firmware" :
{"versionEndIncluding" : "2.46", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:qrn-810_firmware" :
{"versionEndIncluding" : "2.46", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:qrn-410_firmware" :
{"versionEndIncluding" : "2.46", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:xrn-420s_firmware" :
{"versionEndIncluding" : "4.10.00", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:qrn-430s_firmware" :
{"versionEndIncluding" : "4.10.00", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:qrn-1610s_firmware" :
{"versionEndIncluding" : "2.46", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:qrn-810s_firmware" :
{"versionEndIncluding" : "2.46", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:qrn-410s_firmware" :
{"versionEndIncluding" : "2.46", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:qrn-420s_firmware" :
{"versionEndIncluding" : "3.07.11", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:qrn-820s_firmware" :
{"versionEndIncluding" : "3.07.11", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:lrn-1610s_firmware" :
{"versionEndIncluding" : "3.06.12", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:hrx-1621_firmware" :
{"versionEndIncluding" : "3.05.12", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:hrx-1620_firmware" :
{"versionEndIncluding" : "3.05.12", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:hrx-821_firmware" :
{"versionEndIncluding" : "3.05.12", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:hrx-820_firmware" :
{"versionEndIncluding" : "3.05.12", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:hrx-421_firmware" :
{"versionEndIncluding" : "3.05.12", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:hrx-420_firmware" :
{"versionEndIncluding" : "3.05.12", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:hrx-1632_firmware" :
{"versionEndIncluding" : "4.09.00", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:hrx-835_firmware" :
{"versionEndIncluding" : "4.09.00", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:hrx-435_firmware" :
{"versionEndIncluding" : "4.09.00", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:hrx-434_firmware" :
{"versionEndIncluding" : "4.09.00", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:prn-3210b2_firmware" :
{"versionEndIncluding" : "4.04.22", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:prn-1610b2_firmware" :
{"versionEndIncluding" : "4.04.22", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:prn-3200b2_firmware" :
{"versionEndIncluding" : "4.04.22", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:prn-1600b2_firmware" :
{"versionEndIncluding" : "4.04.22", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:prn-3205b2_firmware" :
{"versionEndIncluding" : "4.04.22", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:prn-1605b2_firmware" :
{"versionEndIncluding" : "4.04.22", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:prn-6410db4_firmware" :
{"versionEndIncluding" : "4.05.22", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:prn-6410b4_firmware" :
{"versionEndIncluding" : "4.05.22", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:prn-3210b4_firmware" :
{"versionEndIncluding" : "4.05.22", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:prn-6400db4_firmware" :
{"versionEndIncluding" : "4.05.22", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:prn-6400b4_firmware" :
{"versionEndIncluding" : "4.05.22", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:prn-3200b4_firmware" :
{"versionEndIncluding" : "4.05.22", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:prn-6405db4_firmware" :
{"versionEndIncluding" : "4.05.22", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:prn-6405b4_firmware" :
{"versionEndIncluding" : "4.05.22", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:prn-3205b4_firmware" :
{"versionEndIncluding" : "4.05.22", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:xrn-6410db4_firmware" :
{"versionEndIncluding" : "4.06.22", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:xrn-6410b4_firmware" :
{"versionEndIncluding" : "4.06.22", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:xrn-3210b4_firmware" :
{"versionEndIncluding" : "4.06.22", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:xrn-6410rb2_firmware" :
{"versionEndIncluding" : "4.04.22", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:xrn-6410b2_firmware" :
{"versionEndIncluding" : "4.04.22", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:xrn-3210rb2_firmware" :
{"versionEndIncluding" : "4.04.22", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:xrn-3210b2_firmware" :
{"versionEndIncluding" : "4.04.22", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:xrn-1620b2_firmware" :
{"versionEndIncluding" : "4.07.12", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:xrn-1620sb1_firmware" :
{"versionEndIncluding" : "4.07.12", "family" : "HanwhaVideoRecorders"},
"cpe:/o:hanwhavision:xrn-820s_firmware" :
{"versionEndIncluding" : "4.07.12", "family" : "HanwhaVideoRecorders"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
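The plugin above hands the actual version-ceiling comparison to tenable_ot::cve::compare_and_report, whose source is not on this page. The Python below is an added example, not Tenable's code, that reimplements that check over a subset of the vuln_cpes table so the same decision can be made against a firmware inventory without Tenable.ot. The CPE-to-ceiling values are copied from the plugin; the model-to-CPE mapping, the sample inventory and the per-component numeric comparison (including how a version with more components than its ceiling is treated) are assumptions of this example.

```python
"""Added example: versionEndIncluding check for the Hanwha recorder table.

Ceilings are copied from the plugin's vuln_cpes; everything else is assumed.
"""
import re
from typing import Iterable, List, Optional, Tuple

# Subset of the plugin's vuln_cpes table: CPE -> versionEndIncluding.
VERSION_END_INCLUDING = {
    "cpe:/o:hanwhavision:xrn-2010a_firmware": "2.46",
    "cpe:/o:hanwhavision:xrn-1610a_firmware": "2.48",
    "cpe:/o:hanwhavision:lrn-410s_firmware": "3.06.12",
    "cpe:/o:hanwhavision:qrn-430s_firmware": "4.10.00",
    "cpe:/o:hanwhavision:hrx-1632_firmware": "4.09.00",
    "cpe:/o:hanwhavision:prn-3210b2_firmware": "4.04.22",
    "cpe:/o:hanwhavision:xrn-6410b4_firmware": "4.06.22",
    "cpe:/o:hanwhavision:xrn-820s_firmware": "4.07.12",
}


def parse_version(v: str) -> Tuple[int, ...]:
    """'4.10.00' -> (4, 10, 0).

    Compare numerically per component: as strings '4.10.00' < '4.9.00', which
    would mark a patched 4.10 build as affected by a 4.9 ceiling or vice versa.
    """
    parts = re.findall(r"\d+", v)
    if not parts:
        raise ValueError(f"no numeric components in version {v!r}")
    return tuple(int(p) for p in parts)


def cpe_for(model: str) -> str:
    """Hanwha model name -> the CPE form the plugin uses (assumed mapping)."""
    return f"cpe:/o:hanwhavision:{model.lower()}_firmware"


def is_affected(model: str, version: str) -> Optional[bool]:
    """True/False when the model is in the table, None when the plugin has no
    entry for it (the plugin stays silent then, which is not 'not vulnerable').

    Caveat (assumption): a version with an extra component, e.g. 2.46.1 against
    ceiling 2.46, compares as greater than the ceiling and is reported False.
    """
    ceiling = VERSION_END_INCLUDING.get(cpe_for(model))
    if ceiling is None:
        return None
    return parse_version(version) <= parse_version(ceiling)


def scan(inventory: Iterable[Tuple[str, str]]) -> List[Tuple[str, str, Optional[bool]]]:
    """Apply is_affected to (model, firmware_version) pairs; returns findings."""
    return [(model, ver, is_affected(model, ver)) for model, ver in inventory]


# Constructed inventory for the demonstration; not real asset data.
SAMPLE_INVENTORY = [
    ("QRN-430S", "4.10.00"),    # equal to the ceiling -> affected (End *Including*)
    ("QRN-430S", "4.11.01"),    # above the ceiling -> not affected
    ("QRN-430S", "4.9.00"),     # below, but would sort above as a string
    ("XRN-1610A", "2.48"),      # equal to ceiling -> affected
    ("XRN-1610A", "2.49"),      # above -> not affected
    ("OTHER-MODEL", "1.00"),    # not in the table -> None
]

if __name__ == "__main__":
    for model, ver, hit in scan(SAMPLE_INVENTORY):
        print(f"{model:12s} {ver:8s} affected={hit}")
```

A None result deserves a second look rather than a green tick: the plugin's table covers only the recorder models Hanwha listed, so a device running the Kalay SDK that is absent from the table is unknown, not clean.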
Vendor | Product | Version (affected up to and including, per the plugin's versionEndIncluding) | CPE |
---|---|---|---|
hanwhavision | prn-3210b2_firmware | <= 4.04.22 | cpe:/o:hanwhavision:prn-3210b2_firmware |
hanwhavision | xrn-1610sa_firmware | <= 2.48 | cpe:/o:hanwhavision:xrn-1610sa_firmware |
hanwhavision | prn-3200b4_firmware | <= 4.05.22 | cpe:/o:hanwhavision:prn-3200b4_firmware |
hanwhavision | xrn-1620b2_firmware | <= 4.07.12 | cpe:/o:hanwhavision:xrn-1620b2_firmware |
hanwhavision | qrn-430s_firmware | <= 4.10.00 | cpe:/o:hanwhavision:qrn-430s_firmware |
hanwhavision | prn-6400db4_firmware | <= 4.05.22 | cpe:/o:hanwhavision:prn-6400db4_firmware |
hanwhavision | xrn-410s_firmware | <= 2.46 | cpe:/o:hanwhavision:xrn-410s_firmware |
hanwhavision | prn-6410db4_firmware | <= 4.05.22 | cpe:/o:hanwhavision:prn-6410db4_firmware |
hanwhavision | xrn-3210rb2_firmware | <= 4.04.22 | cpe:/o:hanwhavision:xrn-3210rb2_firmware |
hanwhavision | qrn-420s_firmware | <= 3.07.11 | cpe:/o:hanwhavision:qrn-420s_firmware |