CVE-2023-5747

Bashis, a Security Researcher at IPVM has found a flaw that allows for a remote code execution during the installation of Wave on the camera device. The Wave server application in camera device was vulnerable to command injection allowing an attacker to run arbitrary code. HanwhaVision has released patched firmware for the highlighted flaw. Please refer to the hanwhavision security report for more information and solution."
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:hanwhavision:wave_server_software:*:*:*:*:*:*:*:*
cpe:2.3:o:hanwhavision:pno-a6081r-e1t_firmware:2.21.02:*:*:*:*:*:*:*
cpe:2.3:h:hanwhavision:pno-a6081r-e1t:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:a:hanwhavision:wave_server_software:*:*:*:*:*:*:*:*
cpe:2.3:o:hanwhavision:pno-a6081r-e2t_firmware:2.21.02:*:*:*:*:*:*:*
cpe:2.3:h:hanwhavision:pno-a6081r-e2t:-:*:*:*:*:*:*:*

History

17 Nov 2023, 13:51

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
CWE CWE-347
References () https://www.hanwhavision.com/wp-content/uploads/2023/11/Camera-Vulnerability-Report-CVE-2023-5747_20231113.pdf - () https://www.hanwhavision.com/wp-content/uploads/2023/11/Camera-Vulnerability-Report-CVE-2023-5747_20231113.pdf - Third Party Advisory
CPE cpe:2.3:a:hanwhavision:wave_server_software:*:*:*:*:*:*:*:*
cpe:2.3:h:hanwhavision:pno-a6081r-e2t:-:*:*:*:*:*:*:*
cpe:2.3:o:hanwhavision:pno-a6081r-e2t_firmware:2.21.02:*:*:*:*:*:*:*
cpe:2.3:h:hanwhavision:pno-a6081r-e1t:-:*:*:*:*:*:*:*
cpe:2.3:o:hanwhavision:pno-a6081r-e1t_firmware:2.21.02:*:*:*:*:*:*:*
First Time Hanwhavision wave Server Software
Hanwhavision pno-a6081r-e1t Firmware
Hanwhavision
Hanwhavision pno-a6081r-e2t
Hanwhavision pno-a6081r-e1t
Hanwhavision pno-a6081r-e2t Firmware

13 Nov 2023, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-13 08:15

Updated : 2024-02-28 20:54


NVD link : CVE-2023-5747

Mitre link : CVE-2023-5747

CVE.ORG link : CVE-2023-5747


JSON object : View

Products Affected

hanwhavision

  • pno-a6081r-e2t_firmware
  • pno-a6081r-e2t
  • wave_server_software
  • pno-a6081r-e1t
  • pno-a6081r-e1t_firmware
CWE
CWE-347

Improper Verification of Cryptographic Signature

CWE-345

Insufficient Verification of Data Authenticity