CVE-2023-5038 HIGH

CVE-2023-5038: Unauthenticated DoS

Vendor Hanwha Vision Co., Ltd.
Product A-Series, Q-Series, PNM-series Camera
Weakness CWE-703
Published June 25, 2024
Last update August 2, 2024

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

badmonkey, a Security Researcher has found a flaw that allows for a unauthenticated DoS attack on the camera. An attacker runs a crafted URL, nobody can access the web management page of the camera. and must manually restart the device or re-power it. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.

Key dates

02Disclosure timeline

June 25, 2024 CVE published
August 2, 2024 Record updated