Andrey Muravitsky

**Name of the Vulnerable Software and Affected Versions** Camera recovery image (affected versions not specified) **Description** A specially crafted TCP/IP packet may cause the camera recovery image web interface to crash and potentially lead to a buffer overflow, enabling remote code execution. The recovery image can only be accessed with administrative rights or physical access to the camera, allowing the upload of new firmware in case of damaged firmware. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or version is mentioned, so: Camera recovery image (affected versions not specified) **Description** A specially crafted TCP/IP packet may cause the camera recovery image telnet interface to crash and potentially lead to a buffer overflow, enabling remote code execution. The recovery image can only be accessed with administrative rights or physical access to the camera, allowing the upload of new firmware in case of damaged firmware. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: A vulnerability in the web-based interface allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user. This is a Cross Site Request Forgery (CSRF) issue, which requires the victim to be tricked into clicking a malicious link or opening a malicious website while being logged in. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Bosch IP cameras (affected versions not specified) Description: The issue is related to an error in the URL handler of the web-based interface, which may lead to a reflected cross-site scripting (XSS) attack. An attacker with knowledge of the camera address can send a crafted link to a user, executing JavaScript code in the context of the user. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Bosch IP cameras (affected versions not specified) Description: The issue allows an authenticated attacker with administrator rights to cause a Denial of Service (DoS) by calling a URL with an invalid parameter, making the camera unresponsive for a few seconds. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Bosch IP cameras (affected versions not specified) Description: The issue is related to improper validation of the HTTP header in Bosch IP cameras, which allows an attacker to inject arbitrary HTTP headers through crafted URLs. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bosch IP cameras versions 7.70 through 7.80 prior to B128 **Description** A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted requests to the device. The vulnerability affects devices of the CPP6, CPP7, and CPP7.3 family. **Recommendations** For versions 7.70 through 7.80 prior to B128, update the firmware to a version that includes the fix for this issue, specifically B128 or later. As a temporary workaround, consider restricting access to the device to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 **Description** The issue concerns a weak hashing algorithm that allows an unauthenticated attacker to extract clear text passwords and gain root access on the device. **Recommendations** For Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118, consider changing passwords and restricting device access until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 **Description** The issue concerns insecure configuration storage, allowing a remote attacker to perform new attack vectors and gain control over the device and smart home. **Recommendations** For Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118, consider restricting access to the device until a secure configuration storage solution is implemented. As a temporary workaround, limit the exposure of the device to the internet and isolate it from the smart home network to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hanwha Techwin Smartcams (affected versions not specified) **Description** The issue allows for arbitrary camera access and monitoring via the cloud. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hanwha Techwin Smartcams (affected versions not specified) **Description** The issue concerns an unsecured way of firmware update in Hanwha Techwin Smartcams. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hanwha Techwin Smartcams (affected versions not specified) **Description** The issue concerns an unencrypted method of remote control and communications in the affected devices. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hanwha Techwin Smartcams (affected versions not specified) **Description** The issue concerns an undocumented capability for switching the web interface in Hanwha Techwin Smartcams. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hanwha Techwin Smartcams (affected versions not specified) **Description** A buffer overflow issue has been identified. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hanwha Techwin Smartcams (affected versions not specified) **Description** The issue concerns an authentication bypass in Hanwha Techwin Smartcams. No further details are provided about the nature of the bypass or its potential impact. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hanwha Techwin Smartcams (affected versions not specified) **Description** The issue concerns a remote password change in Hanwha Techwin Smartcams. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hanwha Techwin Smartcams (affected versions not specified) **Description** The issue allows for a denial of service by blocking new camera registration on the cloud server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hanwha Techwin Smartcams (affected versions not specified) **Description** The issue allows for denial of service by uploading malformed firmware. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hanwha Techwin Smartcams (affected versions not specified) Hanwha Techwin SNH-V6410PN and SNH-V6410PNW (affected versions not specified) **Description** The issue is related to remote code execution in Hanwha Techwin Smartcams. A software vulnerability exists in Hanwha Techwin SNH-V6410PN and SNH-V6410PNW cameras due to insufficient input validation. Exploitation of the vulnerability may allow a remote attacker to execute arbitrary code. **Recommendations** For Hanwha Techwin Smartcams, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Hanwha Techwin SNH-V6410PN and SNH-V6410PNW, consider restricting access to the cameras until a patch is available.