Skip to main content

Ano L6012R Firmware CVE-2023-5037

HIGH
OS Command Injection (CWE-78)
2023-11-13 fc9afe74-3f80-4fb7-a313-e6f036a89882
Command Injection Ano L6012R Firmware Ano L6022R Firmware Anv L6012R Firmware Ano L6082R Firmware Ane L6012R Firmware Anv L6082R Firmware Ano L7082R Firmware Ane L7012R Firmware Anv L7082R Firmware Ano L7012R Firmware Ano L7022R Firmware Anv L7012R Firmware Pnm C9022Rv Firmware Pnm 9000Qb Firmware Pnm 7002Vd Firmware Pnm 8082Vt Firmware Pnm 9002Vq Firmware Pnm 9022V Firmware Pnm 9031Rv Firmware Pnm 9084Qz Firmware Pnm 9084Rqz Firmware Pnm 9085Rqz Firmware Pnm 9084Qz1 Firmware Pnm 9084Rqz1 Firmware Pnm 9085Rqz1 Firmware Pnm 9322Vqp Firmware Pnm 7082Rvd Firmware Pnm 12082Rvd Firmware Lno 6072R Firmware Lnd 6012R Firmware Lno 6032R Firmware Lnv 6032R Firmware Lnd 6022R Firmware Lnd 6072R Firmware Lno 6022R Firmware Lnv 6012R Firmware Lnv 6072R Firmware Lnd 6032R Firmware Lnv 6022R Firmware Lno 6012R Firmware Qnd 6011 Firmware Qnd 6012R Firmware Qnd 6021 Firmware Qnd 6022R Firmware Qnd 6032R Firmware Qnd 6072R Firmware Qnd 6073R Firmware Qnd 6082R Firmware Qnd 6083R Firmware Qno 6012R Firmware Qno 6022R Firmware Qno 6032R Firmware Qno 6072R Firmware Qno 6073R Firmware Qno 6082R Firmware Qno 6083R Firmware Qnv 6012R Firmware Qnv 6022R Firmware Qnv 6032R Firmware Qnv 6072R Firmware Qnv 6073R Firmware Qnv 6082R Firmware Qnv 6083R Firmware Qnd 6012R1 Firmware Qnd 6022R1 Firmware Qnd 6032R1 Firmware Qnd 6072R1 Firmware Qnd 6082R1 Firmware Qnv 6012R1 Firmware Qnv 6022R1 Firmware Qnv 6032R1 Firmware Qnv 6072R1 Firmware Qnv 6082R1 Firmware Qno 6012R1 Firmware Qno 6022R1 Firmware Qno 6032R1 Firmware Qno 6072R1 Firmware Qno 6082R1 Firmware Qnd 7082R Firmware Qnv 7082R Firmware Qno 7082R Firmware Qnd 7012R Firmware Qnd 7022R Firmware Qnd 7032R Firmware Qno 7012R Firmware Qno 7022R Firmware Qno 7032R Firmware Qnv 7012R Firmware Qnv 7022R Firmware Qnv 7032R Firmware Qnv 6014R Firmware Qnv 6084R Firmware Qno 6014R Firmware Qno 6084R Firmware Qnv 6024Rm Firmware Qnv 6023R Firmware Anv L6023R Firmware Qnb 8002 Firmware Qnd 8010R Firmware Qnd 8011 Firmware Qnd 8020R Firmware Qnd 8021 Firmware Qnd 8030R Firmware Qnd 8080R Firmware Qne 8011R Firmware Qne 8021R Firmware Qno 8010R Firmware Qno 8020R Firmware Qno 8030R Firmware Qno 8080R Firmware Qnv 8010R Firmware Qnv 8020R Firmware Qnv 8030R Firmware Qnv 8080R Firmware Xnv 9083Rz Firmware Xnv 8083Rz Firmware Xnv 8083Z Firmware Xnv 6083Rz Firmware Xnv 6083Z Firmware Xnb 6002 Firmware Xnd 6083Rv Firmware Xnv 6083R Firmware Xno 6083R Firmware Xnb 6003 Firmware Xnv 9083R Firmware Xnv 8093R Firmware Xnv 8083R Firmware Xnd 9083Rv Firmware Xnd 8093Rv Firmware Xnd 8083Rv Firmware Xno 9083R Firmware Xno 8083R Firmware Xnb 9003 Firmware Xnb 8003 Firmware Xnd C6083Rv Firmware Xnd C7083Rv Firmware Xnv C6083R Firmware Xnv C7083R Firmware Xno C6083R Firmware Xno C7083R Firmware Xnv C6083 Firmware Xnd C8083Rv Firmware Xnd C9083Rv Firmware Xnv C8083R Firmware Xnv C9083R Firmware Xno C8083R Firmware Xno C9083R Firmware Xnp 9250R Firmware Xnp 8250R Firmware Xnp 9250 Firmware Xnp 8250 Firmware Xnp 6400R Firmware Xnp 6400 Firmware Xnp 9300Rw Firmware Xnp 8300Rw Firmware Xnp 6400Rw Firmware Tnv C7013Rc Firmware Xnp C6403 Firmware Xnp C6403R Firmware Xnp C6403Rw Firmware Xnp C8253 Firmware Xnp C8253R Firmware Xnp C8303Rw Firmware Xnp C9253 Firmware Xnp C9253R Firmware Xnp C9303Rw Firmware Xno 6123R Firmware Xnv 6123R Firmware Xnb 8002 Firmware Xnb 9002 Firmware Xnd 8082Rf Firmware Xnd 8082Rv Firmware Xnd 9082Rf Firmware Xnd 9082Rv Firmware Xno 8082R Firmware Xno 9082R Firmware Xnv 8082R Firmware Xnv 9082R Firmware Xnp C9310R Firmware Xnf 9010Rv Firmware Xnf 9010Rvm Firmware Xnf 9010Rs Firmware Xnf 9013Rv Firmware
7.1
CVSS 4.0 · Vendor: fc9afe74-3f80-4fb7-a313-e6f036a89882
Share

Severity by source

Vendor (fc9afe74-3f80-4fb7-a313-e6f036a89882) PRIMARY
7.1 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (fc9afe74-3f80-4fb7-a313-e6f036a89882) · only source for this CVE.

CVSS VectorVendor: fc9afe74-3f80-4fb7-a313-e6f036a89882

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

1
CVE Published
Nov 13, 2023 - 08:15 cve.org
HIGH 7.1

DescriptionCVE.org

badmonkey, a Security Researcher has found a flaw that allows for a authenticated command injection on the camera. An attacker could inject malicious into request packets to execute command. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.

AnalysisAI

badmonkey, a Security Researcher has found a flaw that allows for a authenticated command injection on the camera. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as OS Command Injection (CWE-78), which allows attackers to execute arbitrary operating system commands on the host. badmonkey, a Security Researcher has found a flaw that allows for a authenticated command injection on the camera. An attacker could inject malicious into request packets to execute command. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds. Affected products include: Hanwhavision Ano-L6012R Firmware, Hanwhavision Ano-L6022R Firmware, Hanwhavision Anv-L6012R Firmware, Hanwhavision Ano-L6082R Firmware, Hanwhavision Ane-L6012R Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Avoid passing user input to shell commands. Use language-specific APIs instead of shell execution. Apply strict input validation with allowlists.

Share

CVE-2023-5037 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy