{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-54013","assignerOrgId":"fc9afe74-3f80-4fb7-a313-e6f036a89882","state":"PUBLISHED","assignerShortName":"Hanwha_Vision","dateReserved":"2024-11-27T00:56:05.852Z","datePublished":"2026-04-28T07:06:17.252Z","dateUpdated":"2026-04-28T12:34:26.408Z"},"containers":{"cna":{"providerMetadata":{"orgId":"fc9afe74-3f80-4fb7-a313-e6f036a89882","shortName":"Hanwha_Vision","dateUpdated":"2026-04-28T07:06:17.252Z"},"title":"Authentication Bypass","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-306","description":"CWE-306 Missing authentication for critical function","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-115","descriptions":[{"lang":"en","value":"CAPEC-115 Authentication Bypass"}]}],"affected":[{"vendor":"Hanwha Vision","product":"QND-8080R","versions":[{"status":"affected","version":"0","lessThan":"2.24.00","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"Penetration Testing engineers at Amazon have identified a security flaw related to request handling in the web server component that could, under certain conditions, lead to unintended access to protected functions. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>Penetration Testing engineers at Amazon have identified a security flaw related to request handling in the web server component that could, under certain conditions, lead to unintended access to protected functions. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds</p>"}]}],"references":[{"url":"https://www.hanwhavision.com/wp-content/uploads/2026/04/Camera-Vulnerability-ReportCVE-2024-5401154013.pdf"}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED","version":"4.0","baseSeverity":"HIGH","baseScore":8.7,"vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 1.0.2"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-04-28T12:34:15.429838Z","id":"CVE-2024-54013","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-04-28T12:34:26.408Z"}}]}}