Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-5747

Опубликовано: 13 нояб. 2023
Источник: nvd
CVSS3: 7.2
CVSS3: 8.8
EPSS Низкий

Описание

Bashis, a Security Researcher at IPVM has found a flaw that allows for a remote code execution during the installation of Wave on the camera device. The Wave server application in camera device was vulnerable to command injection allowing an attacker to run arbitrary code. HanwhaVision has released patched firmware for the highlighted flaw. Please refer to the hanwhavision security report for more information and solution."

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:hanwhavision:wave_server_software:*:*:*:*:*:*:*:*
Версия до 5.1.1.37647 (исключая)
cpe:2.3:o:hanwhavision:pno-a6081r-e1t_firmware:2.21.02:*:*:*:*:*:*:*
cpe:2.3:h:hanwhavision:pno-a6081r-e1t:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

Одно из

cpe:2.3:a:hanwhavision:wave_server_software:*:*:*:*:*:*:*:*
Версия до 5.1.1.37647 (исключая)
cpe:2.3:o:hanwhavision:pno-a6081r-e2t_firmware:2.21.02:*:*:*:*:*:*:*
cpe:2.3:h:hanwhavision:pno-a6081r-e2t:-:*:*:*:*:*:*:*

EPSS

Процентиль: 56%
0.00341
Низкий

7.2 High

CVSS3

8.8 High

CVSS3

Дефекты

CWE-345
CWE-347

Связанные уязвимости

github логотип

GHSA-h623-q49p-mg8q

CVSS3: 7.2
github
около 2 лет назад

Bashis, a Security Researcher at IPVM has found a flaw that allows for a remote code execution during the installation of Wave on the camera device. The Wave server application in camera device was vulnerable to command injection allowing an attacker to run arbitrary code. HanwhaVision has released patched firmware for the highlighted flaw. Please refer to the hanwhavision security report for more information and solution."

EPSS

Процентиль: 56%
0.00341
Низкий

7.2 High

CVSS3

8.8 High

CVSS3

Дефекты

CWE-345
CWE-347