Vulnerability Description
Bashis, a Security Researcher at IPVM has found a flaw that allows for a remote code execution during the installation of Wave on the camera device. The Wave server application in camera device was vulnerable to command injection allowing an attacker to run arbitrary code. HanwhaVision has released patched firmware for the highlighted flaw. Please refer to the hanwhavision security report for more information and solution."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hanwhavision | Wave Server Software | < 5.1.1.37647 |
| Hanwhavision | Pno-A6081R-E1T Firmware | 2.21.02 |
| Hanwhavision | Pno-A6081R-E1T | - |
| Hanwhavision | Pno-A6081R-E2T Firmware | 2.21.02 |
| Hanwhavision | Pno-A6081R-E2T | - |
Related Weaknesses (CWE)
References
- https://www.hanwhavision.com/wp-content/uploads/2023/11/Camera-Vulnerability-RepThird Party Advisory
- https://www.hanwhavision.com/wp-content/uploads/2023/11/Camera-Vulnerability-RepThird Party Advisory
FAQ
What is CVE-2023-5747?
CVE-2023-5747 is a vulnerability with a CVSS score of 7.2 (HIGH). Bashis, a Security Researcher at IPVM has found a flaw that allows for a remote code execution during the installation of Wave on the camera device. The Wave server application in camera device was vu...
How severe is CVE-2023-5747?
CVE-2023-5747 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-5747?
Check the references section above for vendor advisories and patch information. Affected products include: Hanwhavision Wave Server Software, Hanwhavision Pno-A6081R-E1T Firmware, Hanwhavision Pno-A6081R-E1T, Hanwhavision Pno-A6081R-E2T Firmware, Hanwhavision Pno-A6081R-E2T.