CVE-2024-54012 HIGH

CVE-2024-54012: Command Injection

Vendor Hanwha Vision

Product QND-8080R

Weakness CWE-78

Published April 28, 2026

Last update April 28, 2026

View on NVD All CVEs

CVSS base score

8.5/10

Attack vector Adjacent

Attack complexity Low

Privileges required High

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Penetration Testing engineers at Amazon discovered a vulnerability where the camera system failed to properly validate input, allowing specially crafted requests containing malicious commands to be executed on the device. The manufacturer has released patch firmware for the flaw; please refer to the manufacturer's report for details and workarounds.

Key dates

02Disclosure timeline

April 28, 2026 CVE published

April 28, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-54012

Related vulnerabilities

CVE-2024-54012: Command Injection

01Description

02Disclosure timeline

03References

04Related CVE