1. Home
  2. CVE Database
  3. CVE-2019-13523
MEDIUM · 5.3

CVE-2019-13523

In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras ...

Vulnerability Description

In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network. Affected performance IP Cameras: HBD3PR2,H4D3PRV3,HED3PR3,H4D3PRV2,HBD3PR1,H4W8PR2,HBW8PR2,H2W2PC1M,H2W4PER3,H2W2PER3,HEW2PER3,HEW4PER3B,HBW2PER1,HEW4PER2,HEW4PER2B,HEW2PER2,H4W2PER2,HBW2PER2,H4W2PER3, and HPW2P1. Affected Performance Series NVRs: HEN08104,HEN08144,HEN081124,HEN16104,HEN16144,HEN16184,HEN16204,HEN162244,HEN16284,HEN16304,HEN16384,HEN32104,HEN321124,HEN32204,HEN32284,HEN322164,HEN32304, HEN32384,HEN323164,HEN64204,HEN64304,HEN643164,HEN643324,HEN643484,HEN04103,HEN04113,HEN04123,HEN08103,HEN08113,HEN08123,HEN08143,HEN16103,HEN16123,HEN16143,HEN16163,HEN04103L,HEN08103L,HEN16103L,HEN32103L.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
HoneywellHbd3Pr2 Firmware-
HoneywellHbd3Pr2-
HoneywellH4D3Prv3 Firmware-
HoneywellH4D3Prv3-
HoneywellHed3Pr3 Firmware-
HoneywellHed3Pr3-
HoneywellH4D3Prv2 Firmware-
HoneywellH4D3Prv2-
HoneywellHbd3Pr1 Firmware-
HoneywellHbd3Pr1-
HoneywellH4W8Pr2 Firmware-
HoneywellH4W8Pr2-
HoneywellHbw8Pr2 Firmware-
HoneywellHbw8Pr2-
HoneywellH2W2Pc1M Firmware-
HoneywellH2W2Pc1M-
HoneywellH2W4Per3 Firmware-
HoneywellH2W4Per3-
HoneywellH2W2Per3 Firmware-
HoneywellH2W2Per3-

Related Weaknesses (CWE)

CWE-306CWE-200

References

FAQ

What is CVE-2019-13523?

CVE-2019-13523 is a vulnerability with a CVSS score of 5.3 (MEDIUM). In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras ...

How severe is CVE-2019-13523?

CVE-2019-13523 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-13523?

Check the references section above for vendor advisories and patch information. Affected products include: Honeywell Hbd3Pr2 Firmware, Honeywell Hbd3Pr2, Honeywell H4D3Prv3 Firmware, Honeywell H4D3Prv3, Honeywell Hed3Pr3 Firmware.