PT-2019-12709 · Hanwha Techwin · Hanwha Techwin Srn-472S

Published 2019-09-05 · Updated 2019-09-06 · CVE-2019-12223

CVSS v2.0 7.8 High

Vector AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Hanwha Techwin SRN-472s version 1.07 190502
Hanwha Techwin SRN-x devices before 2019-05-03

Description

A system crash and reboot can be achieved by submitting a long username in excess of 117 characters, triggering a buffer overflow in the main process controlling operation of the DVR system. This renders services unavailable during the reboot operation. Repeated attacks can affect availability as long as the attacker has network access to the device.

Recommendations

For Hanwha Techwin SRN-472s version 1.07 190502, consider restricting access to the login functionality to minimize the risk of exploitation. For Hanwha Techwin SRN-x devices before 2019-05-03, avoid using long usernames until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2019-12223

Affected Products

Hanwha Techwin Srn-472S
Hanwha Techwin Srn-X