CVE-2019-13523
26.09.2019, 16:15
In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network. Affected performance IP Cameras: HBD3PR2,H4D3PRV3,HED3PR3,H4D3PRV2,HBD3PR1,H4W8PR2,HBW8PR2,H2W2PC1M,H2W4PER3,H2W2PER3,HEW2PER3,HEW4PER3B,HBW2PER1,HEW4PER2,HEW4PER2B,HEW2PER2,H4W2PER2,HBW2PER2,H4W2PER3, and HPW2P1. Affected Performance Series NVRs: HEN08104,HEN08144,HEN081124,HEN16104,HEN16144,HEN16184,HEN16204,HEN162244,HEN16284,HEN16304,HEN16384,HEN32104,HEN321124,HEN32204,HEN32284,HEN322164,HEN32304, HEN32384,HEN323164,HEN64204,HEN64304,HEN643164,HEN643324,HEN643484,HEN04103,HEN04113,HEN04123,HEN08103,HEN08113,HEN08123,HEN08143,HEN16103,HEN16123,HEN16143,HEN16163,HEN04103L,HEN08103L,HEN16103L,HEN32103L.Enginsight
| Vendor | Product | Version |
|---|---|---|
| honeywell | hbd3pr2_firmware | - |
| honeywell | h4d3prv3_firmware | - |
| honeywell | hed3pr3_firmware | - |
| honeywell | h4d3prv2_firmware | - |
| honeywell | hbd3pr1_firmware | - |
| honeywell | h4w8pr2_firmware | - |
| honeywell | hbw8pr2_firmware | - |
| honeywell | h2w2pc1m_firmware | - |
| honeywell | h2w4per3_firmware | - |
| honeywell | h2w2per3_firmware | - |
| honeywell | hew2per3_firmware | - |
| honeywell | hew4per3b_firmware | - |
| honeywell | hbw2per1_firmware | - |
| honeywell | hew4per2_firmware | - |
| honeywell | hew4per2b_firmware | - |
| honeywell | hew2per2_firmware | - |
| honeywell | h4w2per2_firmware | - |
| honeywell | hbw2per2_firmware | - |
| honeywell | h4w2per3_firmware | - |
| honeywell | hpw2p1_firmware | - |
| honeywell | hen08104_firmware | - |
| honeywell | hen08144_firmware | - |
| honeywell | hen081124_firmware | - |
| honeywell | hen16104_firmware | - |
| honeywell | hen16144_firmware | - |
| honeywell | hen16184_firmware | - |
| honeywell | hen16204_firmware | - |
| honeywell | hen162244_firmware | - |
| honeywell | hen16284_firmware | - |
| honeywell | hen16304_firmware | - |
| honeywell | hen16384_firmware | - |
| honeywell | hen32104_firmware | - |
| honeywell | hen321124_firmware | - |
| honeywell | hen32204_firmware | - |
| honeywell | hen32284_firmware | - |
| honeywell | hen322164_firmware | - |
| honeywell | hen32304_firmware | - |
| honeywell | hen32384_firmware | - |
| honeywell | hen323164_firmware | - |
| honeywell | hen64204_firmware | - |
| honeywell | hen64304_firmware | - |
| honeywell | hen643164_firmware | - |
| honeywell | hen643324_firmware | - |
| honeywell | hen643484_firmware | - |
| honeywell | hen04103_firmware | - |
| honeywell | hen04113_firmware | - |
| honeywell | hen04123_firmware | - |
| honeywell | hen08103_firmware | - |
| honeywell | hen08113_firmware | - |
| honeywell | hen08123_firmware | - |
| honeywell | hen08143_firmware | - |
| honeywell | hen16103_firmware | - |
| honeywell | hen16123_firmware | - |
| honeywell | hen16143_firmware | - |
| honeywell | hen16163_firmware | - |
| honeywell | hen04103l_firmware | - |
| honeywell | hen08103l_firmware | - |
| honeywell | hen16103l_firmware | - |
| honeywell | hen32103l_firmware | - |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
- CWE-306 - Missing Authentication for Critical FunctionThe product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.