CVE-2023-5037 Vulnerability Details

  /     /     /  

CVE-2023-5037 Metadata Quick Info

CVE Published: 13/11/2023 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: Hanwha_Vision | Vendor: Hanwha Vision Co., Ltd. | Product: A-Series, Q-Series, PNM-series Camera
Status : PUBLISHED

CVE-2023-5037 Description

badmonkey, a Security Researcher has found a flaw that allows for a authenticated command injection on the camera. An attacker could inject malicious into request packets to execute command. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\'s report for details and workarounds.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-78
CWE Name: CWE-78 Improper Neutralization of Special Elements used in an OS Command ( OS Command Injection )
Source: Hanwha Vision Co., Ltd.

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-88
CAPEC Description: CAPEC-88 OS Command Injection