CVE-2019-13523

Summary

In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network. Affected performance IP Cameras: HBD3PR2,H4D3PRV3,HED3PR3,H4D3PRV2,HBD3PR1,H4W8PR2,HBW8PR2,H2W2PC1M,H2W4PER3,H2W2PER3,HEW2PER3,HEW4PER3B,HBW2PER1,HEW4PER2,HEW4PER2B,HEW2PER2,H4W2PER2,HBW2PER2,H4W2PER3, and HPW2P1. Affected Performance Series NVRs: HEN08104,HEN08144,HEN081124,HEN16104,HEN16144,HEN16184,HEN16204,HEN162244,HEN16284,HEN16304,HEN16384,HEN32104,HEN321124,HEN32204,HEN32284,HEN322164,HEN32304, HEN32384,HEN323164,HEN64204,HEN64304,HEN643164,HEN643324,HEN643484,HEN04103,HEN04113,HEN04123,HEN08103,HEN08113,HEN08123,HEN08143,HEN16103,HEN16123,HEN16143,HEN16163,HEN04103L,HEN08103L,HEN16103L,HEN32103L.

Affected Software

VendorProductVersion RangeStatus
HoneywellPerformance IP CamerasHBD3PR2affected
HoneywellPerformance IP CamerasH4D3PRV3affected
HoneywellPerformance IP CamerasHED3PR3affected
HoneywellPerformance IP CamerasH4D3PRV2affected
HoneywellPerformance IP CamerasHBD3PR1affected
HoneywellPerformance IP CamerasH4W8PR2affected
HoneywellPerformance IP CamerasHBW8PR2affected
HoneywellPerformance IP CamerasH2W2PC1Maffected
HoneywellPerformance IP CamerasH2W4PER3affected
HoneywellPerformance IP CamerasH2W2PER3affected
HoneywellPerformance IP CamerasHEW2PER3affected
HoneywellPerformance IP CamerasHEW4PER3Baffected
HoneywellPerformance IP CamerasHBW2PER1affected
HoneywellPerformance IP CamerasHEW4PER2affected
HoneywellPerformance IP CamerasHEW4PER2Baffected
HoneywellPerformance IP CamerasHEW2PER2affected
HoneywellPerformance IP CamerasH4W2PER2affected
HoneywellPerformance IP CamerasHBW2PER2affected
HoneywellPerformance IP CamerasH4W2PER3affected
HoneywellPerformance IP CamerasHPW2P1affected
HoneywellPerformance NVRsHEN08104affected
HoneywellPerformance NVRsHEN08144affected
HoneywellPerformance NVRsHEN081124affected
HoneywellPerformance NVRsHEN16104affected
HoneywellPerformance NVRsHEN16144affected
HoneywellPerformance NVRsHEN16184affected
HoneywellPerformance NVRsHEN16204affected
HoneywellPerformance NVRsHEN162244affected
HoneywellPerformance NVRsHEN16284affected
HoneywellPerformance NVRsHEN16304affected
HoneywellPerformance NVRsHEN16384affected
HoneywellPerformance NVRsHEN32104affected
HoneywellPerformance NVRsHEN321124affected
HoneywellPerformance NVRsHEN32204affected
HoneywellPerformance NVRsHEN32284affected
HoneywellPerformance NVRsHEN322164affected
HoneywellPerformance NVRsHEN32304affected
HoneywellPerformance NVRsHEN32384affected
HoneywellPerformance NVRsHEN323164affected
HoneywellPerformance NVRsHEN64204affected
HoneywellPerformance NVRsHEN64304affected
HoneywellPerformance NVRsHEN643164affected
HoneywellPerformance NVRsHEN643324affected
HoneywellPerformance NVRsHEN643484affected
HoneywellPerformance NVRsHEN04103affected
HoneywellPerformance NVRsHEN04113affected
HoneywellPerformance NVRsHEN04123affected
HoneywellPerformance NVRsHEN08103affected
HoneywellPerformance NVRsHEN08113affected
HoneywellPerformance NVRsHEN08123affected
HoneywellPerformance NVRsHEN08143affected
HoneywellPerformance NVRsHEN16103affected
HoneywellPerformance NVRsHEN16123affected
HoneywellPerformance NVRsHEN16143affected
HoneywellPerformance NVRsHEN16163affected
HoneywellPerformance NVRsHEN04103Laffected
HoneywellPerformance NVRsHEN08103Laffected
HoneywellPerformance NVRsHEN16103Laffected
HoneywellPerformance NVRsHEN32103Laffected

Weaknesses

  • CWE-200: INFORMATION EXPOSURE CWE-200

ADP Enrichment

CVE Program Container

Additional References

References