PT-2023-32301 · Hanwha Vision · Wave Server Application
Published
2023-11-13
·
Updated
2023-11-17
·
CVE-2023-5747
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Hanwha Vision Wave server application (affected versions not specified)
Description
A flaw in the Wave server application allows for remote code execution during the installation of Wave on the camera device. The application is vulnerable to command injection, enabling an attacker to run arbitrary code.
Recommendations
For the affected version, update to the patched firmware released by HanwhaVision to resolve the issue. Refer to the HanwhaVision security report for more information and solution.
Fix
Improper Verification of Cryptographic Signature
Insufficient Verification of Data Authenticity
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Wave Server Application