{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-6095","assignerOrgId":"fc9afe74-3f80-4fb7-a313-e6f036a89882","state":"PUBLISHED","assignerShortName":"Hanwha_Vision","dateReserved":"2023-11-13T09:04:20.301Z","datePublished":"2024-04-26T07:09:38.940Z","dateUpdated":"2024-08-02T08:21:17.058Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"HRX-1620","vendor":"Hanwha Vision Co., Ltd.","versions":[{"status":"affected","version":"3.05.62 and prior versions"}]}],"datePublic":"2024-04-26T06:59:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\n<div><div>Vladimir Kononovich, a Security Researcher has found a flaw that allows for a remote code execution on the DVR. An attacker could inject malicious HTTP headers into request packets to execute arbitrary code. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.</div></div>\n\n"}],"value":"\nVladimir Kononovich, a Security Researcher has found a flaw that allows for a remote code execution on the DVR. An attacker could inject malicious HTTP headers into request packets to execute arbitrary code. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.\n\n"}],"impacts":[{"capecId":"CAPEC-100","descriptions":[{"lang":"en","value":"CAPEC-100 Overflow Buffers"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.9,"baseSeverity":"HIGH","confidentialityImpact":"LOW","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-121","description":"CWE-121 Stack-based Buffer Overflow","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"fc9afe74-3f80-4fb7-a313-e6f036a89882","shortName":"Hanwha_Vision","dateUpdated":"2024-04-26T07:09:38.940Z"},"references":[{"url":"https://www.hanwhavision.com/wp-content/uploads/2024/04/NVR-DVR-Vulnerability-Report-CVE-2023-6095-6096.pdf"}],"source":{"discovery":"UNKNOWN"},"title":"Remote Code Execution without authentication using memory overflow","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"title":"CISA ADP Vulnrichment","metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2023-6095","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2024-04-30T15:33:48.703590Z"}}}],"affected":[{"cpes":["cpe:2.3:h:hanwhavision:ane-l6012r:-:*:*:*:*:*:*:*"],"vendor":"hanwhavision","product":"ane-l6012r","versions":[{"status":"affected","version":"-"}],"defaultStatus":"unknown"}],"providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-04T17:17:21.962Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T08:21:17.058Z"},"title":"CVE Program Container","references":[{"url":"https://www.hanwhavision.com/wp-content/uploads/2024/04/NVR-DVR-Vulnerability-Report-CVE-2023-6095-6096.pdf","tags":["x_transferred"]}]}]}}