CVE-2023-5038

Summary

badmonkey, a Security Researcher has found a flaw that allows for a unauthenticated DoS attack on the camera. An attacker runs a crafted URL, nobody can access the web management page of the camera. and must manually restart the device or re-power it. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.

Affected Software

VendorProductVersion RangeStatus
Hanwha Vision Co., Ltd.A-Series, Q-Series, PNM-series CameraPrior to version 1.41.16, Prior to version 2.22.00affected

Weaknesses

  • CWE-703: CWE-703: Improper Check or Handling of Exceptional Conditions
  • CWE-248: CWE-248: Uncaught Exception

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References