CVE-2019-12223

05.09.2019, 15:15

An issue was discovered in NVR WebViewer on Hanwah Techwin SRN-472s 1.07_190502 devices, and other SRN-x devices before 2019-05-03. A system crash and reboot can be achieved by submitting a long username in excess of 117 characters. The username triggers a buffer overflow in the main process controlling operation of the DVR system, rendering services unavailable during the reboot operation. A repeated attack affects availability as long as the attacker has network access to the device.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 63%

Vendor	Product	Version
hanwha-security	srn-472s_firmware	1.07_190502:_190502
hanwha-security	srn-873s_firmware	𝑥 < 2019-05-03
hanwha-security	srn-1673s_firmware	𝑥 < 2019-05-03

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

https://gist.github.com/dustinnoe/66f91573a0080c9fb2c21819d8805a82

https://medium.com/%40noe.dustin/samsung-webviewer-remote-dos-vulberability-cve-2019-12223-5f4afbc83fbd

https://www.hanwha-security.com/en/products/video-recorder/nvr/ch4/SRN-472S/overview/

https://gist.github.com/dustinnoe/66f91573a0080c9fb2c21819d8805a82

https://medium.com/%40noe.dustin/samsung-webviewer-remote-dos-vulberability-cve-2019-12223-5f4afbc83fbd

https://www.hanwha-security.com/en/products/video-recorder/nvr/ch4/SRN-472S/overview/