CVE-2023-5747

Bashis, a Security Researcher at IPVM has found a flaw that allows for a remote code execution during the installation of Wave on the camera device. The Wave server application in camera device was vulnerable to command injection allowing an attacker to run arbitrary code. HanwhaVision has released patched firmware for the highlighted flaw. Please refer to the hanwhavision security report for more information and solution."
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:hanwhavision:wave_server_software:*:*:*:*:*:*:*:*
cpe:2.3:o:hanwhavision:pno-a6081r-e1t_firmware:2.21.02:*:*:*:*:*:*:*
cpe:2.3:h:hanwhavision:pno-a6081r-e1t:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:a:hanwhavision:wave_server_software:*:*:*:*:*:*:*:*
cpe:2.3:o:hanwhavision:pno-a6081r-e2t_firmware:2.21.02:*:*:*:*:*:*:*
cpe:2.3:h:hanwhavision:pno-a6081r-e2t:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:42

Type Values Removed Values Added
References () https://www.hanwhavision.com/wp-content/uploads/2023/11/Camera-Vulnerability-Report-CVE-2023-5747_20231113.pdf - Third Party Advisory () https://www.hanwhavision.com/wp-content/uploads/2023/11/Camera-Vulnerability-Report-CVE-2023-5747_20231113.pdf - Third Party Advisory
CVSS v2 : unknown
v3 : 8.8
v2 : unknown
v3 : 7.2

17 Nov 2023, 13:51

Type Values Removed Values Added
CWE CWE-347
References () https://www.hanwhavision.com/wp-content/uploads/2023/11/Camera-Vulnerability-Report-CVE-2023-5747_20231113.pdf - () https://www.hanwhavision.com/wp-content/uploads/2023/11/Camera-Vulnerability-Report-CVE-2023-5747_20231113.pdf - Third Party Advisory
First Time Hanwhavision wave Server Software
Hanwhavision pno-a6081r-e1t Firmware
Hanwhavision
Hanwhavision pno-a6081r-e2t
Hanwhavision pno-a6081r-e1t
Hanwhavision pno-a6081r-e2t Firmware
CPE cpe:2.3:a:hanwhavision:wave_server_software:*:*:*:*:*:*:*:*
cpe:2.3:h:hanwhavision:pno-a6081r-e2t:-:*:*:*:*:*:*:*
cpe:2.3:o:hanwhavision:pno-a6081r-e2t_firmware:2.21.02:*:*:*:*:*:*:*
cpe:2.3:h:hanwhavision:pno-a6081r-e1t:-:*:*:*:*:*:*:*
cpe:2.3:o:hanwhavision:pno-a6081r-e1t_firmware:2.21.02:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8

13 Nov 2023, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-13 08:15

Updated : 2024-11-21 08:42


NVD link : CVE-2023-5747

Mitre link : CVE-2023-5747

CVE.ORG link : CVE-2023-5747


JSON object : View

Products Affected

hanwhavision

  • wave_server_software
  • pno-a6081r-e2t_firmware
  • pno-a6081r-e1t_firmware
  • pno-a6081r-e1t
  • pno-a6081r-e2t
CWE
CWE-345

Insufficient Verification of Data Authenticity

CWE-347

Improper Verification of Cryptographic Signature