Vulnerability Details : CVE-2019-12223
Potential exploit
An issue was discovered in NVR WebViewer on Hanwha Techwin SRN-472s 1.07_190502 devices, and other SRN-x devices before 2019-05-03. A system crash and reboot can be achieved by submitting a long username in excess of 117 characters. The username triggers a buffer overflow in the main process controlling operation of the DVR system, rendering services unavailable during the reboot operation. A repeated attack affects availability as long as the attacker has network access to the device.
Vulnerability category: Overflow
Products affected by CVE-2019-12223
- cpe:2.3:o:hanwha-security:srn-472s_firmware:1.07_190502:*:*:*:*:*:*:*
- cpe:2.3:o:hanwha-security:srn-873s_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hanwha-security:srn-1673s_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-12223
Probability of exploitation activity in the next 30 days: 0.25%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 64%
CVSS scores for CVE-2019-12223
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C | 10.0 | 6.9 | NIST | |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2019-12223
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-12223
- https://medium.com/@noe.dustin/samsung-webviewer-remote-dos-vulberability-cve-2019-12223-5f4afbc83fbd
  Samsung NVR WebViewer Remote DoS Vulnerability — CVE-2019-12223 (Exploit; Third Party Advisory)
- https://www.hanwha-security.com/en/products/video-recorder/nvr/ch4/SRN-472S/overview/
  SRN-472S | Hanwha Techwin - Security Global Leader (Product)
- https://gist.github.com/dustinnoe/66f91573a0080c9fb2c21819d8805a82
  SRN-x WebViewer DOS Vulnerability · GitHub (Exploit; Third Party Advisory)