CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
71.1%
An issue was discovered in NVR WebViewer on Hanwah Techwin SRN-472s 1.07_190502 devices, and other SRN-x devices before 2019-05-03. A system crash and reboot can be achieved by submitting a long username in excess of 117 characters. The username triggers a buffer overflow in the main process controlling operation of the DVR system, rendering services unavailable during the reboot operation. A repeated attack affects availability as long as the attacker has network access to the device.
Vendor | Product | Version | CPE |
---|---|---|---|
hanwha-security | srn-472s_firmware | 1.07_190502 | cpe:2.3:o:hanwha-security:srn-472s_firmware:1.07_190502:*:*:*:*:*:*:* |
hanwha-security | srn-472s | - | cpe:2.3:h:hanwha-security:srn-472s:-:*:*:*:*:*:*:* |
hanwha-security | srn-873s_firmware | * | cpe:2.3:o:hanwha-security:srn-873s_firmware:*:*:*:*:*:*:*:* |
hanwha-security | srn-873s | - | cpe:2.3:h:hanwha-security:srn-873s:-:*:*:*:*:*:*:* |
hanwha-security | srn-1673s_firmware | * | cpe:2.3:o:hanwha-security:srn-1673s_firmware:*:*:*:*:*:*:*:* |
hanwha-security | srn-1673s | - | cpe:2.3:h:hanwha-security:srn-1673s:-:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
71.1%