← Back to CVEs
CVE-2019-12223
N/ADescription
An issue was discovered in NVR WebViewer on Hanwah Techwin SRN-472s 1.07_190502 devices, and other SRN-x devices before 2019-05-03. A system crash and reboot can be achieved by submitting a long username in excess of 117 characters. The username triggers a buffer overflow in the main process controlling operation of the DVR system, rendering services unavailable during the reboot operation. A repeated attack affects availability as long as the attacker has network access to the device.
CVE Details
CVSS v3.1 ScoreN/A
Published9/5/2019
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
hanwha-security:srn-1673shanwha-security:srn-1673s_firmwarehanwha-security:srn-472shanwha-security:srn-472s_firmwarehanwha-security:srn-873shanwha-security:srn-873s_firmware
Weaknesses (CWE)
CWE-119
References
https://medium.com/%40noe.dustin/samsung-webviewer-remote-dos-vulberability-cve-2019-12223-5f4afbc83fbd(cve@mitre.org)
https://www.hanwha-security.com/en/products/video-recorder/nvr/ch4/SRN-472S/overview/(cve@mitre.org)
https://gist.github.com/dustinnoe/66f91573a0080c9fb2c21819d8805a82(af854a3a-2127-422b-91ae-364da2661108)
https://medium.com/%40noe.dustin/samsung-webviewer-remote-dos-vulberability-cve-2019-12223-5f4afbc83fbd(af854a3a-2127-422b-91ae-364da2661108)
https://www.hanwha-security.com/en/products/video-recorder/nvr/ch4/SRN-472S/overview/(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.