7.8
CVE-2019-12223
- EPSS 0.53%
- Published 05.09.2019 15:15:11
- Last modified 21.11.2024 04:22:27
- Source cve@mitre.org
An issue was discovered in NVR WebViewer on Hanwha Techwin SRN-472s 1.07_190502 devices, and other SRN-x devices before 2019-05-03. A system crash and reboot can be achieved by submitting a long username in excess of 117 characters. The username triggers a buffer overflow in the main process controlling operation of the DVR system, rendering services unavailable during the reboot operation. A repeated attack affects availability as long as the attacker has network access to the device.
Data provided by the National Vulnerability Database (NVD)
Hanwha-security ≫ Srn-472s Firmware Version 1.07_190502
Hanwha-security ≫ Srn-873s Firmware Version < 2019-05-03
Hanwha-security ≫ Srn-1673s Firmware Version < 2019-05-03
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.53% | 0.664 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd@nist.gov | 7.8 | 10 | 6.9 | AV:N/AC:L/Au:N/C:N/I:N/A:C |
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.