CVE-2023-5037 HIGH

CVE-2023-5037: Authenticated Command Injection

Vendor Hanwha Vision Co., Ltd.
Product A-Series, Q-Series, PNM-series Camera
Weakness CWE-78
Published November 13, 2023
Last update August 2, 2024

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

badmonkey, a Security Researcher has found a flaw that allows for a authenticated command injection on the camera. An attacker could inject malicious into request packets to execute command. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.

Key dates

02Disclosure timeline

November 13, 2023 CVE published
August 2, 2024 Record updated