Skip to content

Instantly share code, notes, and snippets.

@dustinnoe
Created August 8, 2019 14:55
Show Gist options
  • Save dustinnoe/66f91573a0080c9fb2c21819d8805a82 to your computer and use it in GitHub Desktop.
Save dustinnoe/66f91573a0080c9fb2c21819d8805a82 to your computer and use it in GitHub Desktop.
> [Suggested description]
> An issue was discovered in NVR WebViewer on Hanwah Techwin SRN-472s
> 1.07_190502 devices, and other SRN-x devices before 2019-05-03. A
> system crash and reboot can be achieved by submitting a long username
> in excess of 117 characters. The username triggers a buffer overflow
> in the main process controlling operation of the DVR system, rendering
> services unavailable during the reboot operation. A repeated attack
> affects availability as long as the attacker has network access to the
> device.
>
> ------------------------------------------
>
> [Additional Information]
> Hanwah has patched the vulnerability and stated they were releasing in on May 3rd, 2019.
>
> ------------------------------------------
>
> [Vulnerability Type]
> Buffer Overflow
>
> ------------------------------------------
>
> [Vendor of Product]
> Hanwah Techwin
>
> ------------------------------------------
>
> [Affected Product Code Base]
> SRN-472s - 1.07_190502
> SRN-x - All releases prior to May 3, 2019
>
> ------------------------------------------
>
> [Affected Component]
> Network Video Recording hardware.
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Denial of Service]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> To exploit this vulnerability, the attacker must supply a username in
> excess of 117 characters to the login form for the WebViewer console.
>
> ------------------------------------------
>
> [Reference]
> https://www.hanwha-security.com/en/products/video-recorder/nvr/ch4/SRN-472S/overview/
>
> ------------------------------------------
>
> [Has vendor confirmed or acknowledged the vulnerability?]
> true
>
> ------------------------------------------
>
> [Discoverer]
> Dustin Noe, NovCon Solutions LLC
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment