{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-54012","assignerOrgId":"fc9afe74-3f80-4fb7-a313-e6f036a89882","state":"PUBLISHED","assignerShortName":"Hanwha_Vision","dateReserved":"2024-11-27T00:56:05.852Z","datePublished":"2026-04-28T07:03:58.874Z","dateUpdated":"2026-04-28T12:35:28.059Z"},"containers":{"cna":{"providerMetadata":{"orgId":"fc9afe74-3f80-4fb7-a313-e6f036a89882","shortName":"Hanwha_Vision","dateUpdated":"2026-04-28T07:03:58.874Z"},"title":"Command Injection","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-78","description":"CWE-78 Improper neutralization of special elements used in an OS command ('OS command injection')","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-88","descriptions":[{"lang":"en","value":"CAPEC-88 OS Command Injection"}]}],"affected":[{"vendor":"Hanwha Vision","product":"QND-8080R","versions":[{"status":"affected","version":"0","lessThan":"2.24.00","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"Penetration Testing engineers at Amazon discovered a vulnerability where the camera system failed to properly validate input, allowing specially crafted requests containing malicious commands to be executed on the device. The manufacturer has released patch firmware for the flaw; please refer to the manufacturer's report for details and workarounds.","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>Penetration Testing engineers at Amazon discovered a vulnerability where the camera system failed to properly validate input, allowing specially crafted requests containing malicious commands to be executed on the device. The manufacturer has released patch firmware for the flaw; please refer to the manufacturer's report for details and workarounds.</p>"}]}],"references":[{"url":"https://www.hanwhavision.com/wp-content/uploads/2026/04/Camera-Vulnerability-ReportCVE-2024-5401154013.pdf"}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED","version":"4.0","baseSeverity":"HIGH","baseScore":8.5,"vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 1.0.2"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-04-28T12:35:19.812622Z","id":"CVE-2024-54012","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-04-28T12:35:28.059Z"}}]}}