dustinnoe/SRN-x WebViewer DOS Vulnerability

## SRN-x WebViewer DOS Vulnerability
> [Suggested description]
> An issue was discovered in NVR WebViewer on Hanwah Techwin SRN-472s
> 1.07_190502 devices, and other SRN-x devices before 2019-05-03. A
> system crash and reboot can be achieved by submitting a long username
> in excess of 117 characters. The username triggers a buffer overflow
> in the main process controlling operation of the DVR system, rendering
> services unavailable during the reboot operation. A repeated attack
> affects availability as long as the attacker has network access to the
> device.
>
> ------------------------------------------
>
> [Additional Information]
> Hanwah has patched the vulnerability and stated they were releasing in on May 3rd, 2019.
>
> ------------------------------------------
>
> [Vulnerability Type]
> Buffer Overflow
>
> ------------------------------------------
>
> [Vendor of Product]
> Hanwah Techwin
>
> ------------------------------------------
>
> [Affected Product Code Base]
> SRN-472s - 1.07_190502
> SRN-x - All releases prior to May 3, 2019
>
> ------------------------------------------
>
> [Affected Component]
> Network Video Recording hardware.
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Denial of Service]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> To exploit this vulnerability, the attacker must supply a username in
> excess of 117 characters to the login form for the WebViewer console.
>
> ------------------------------------------
>
> [Reference]
> https://www.hanwha-security.com/en/products/video-recorder/nvr/ch4/SRN-472S/overview/
>
> ------------------------------------------
>
> [Has vendor confirmed or acknowledged the vulnerability?]
> true
>
> ------------------------------------------
>
> [Discoverer]
> Dustin Noe, NovCon Solutions LLC
	> [Suggested description]
	> An issue was discovered in NVR WebViewer on Hanwah Techwin SRN-472s
	> 1.07_190502 devices, and other SRN-x devices before 2019-05-03. A
	> system crash and reboot can be achieved by submitting a long username
	> in excess of 117 characters. The username triggers a buffer overflow
	> in the main process controlling operation of the DVR system, rendering
	> services unavailable during the reboot operation. A repeated attack
	> affects availability as long as the attacker has network access to the
	> device.
	>
	> ------------------------------------------
	>
	> [Additional Information]
	> Hanwah has patched the vulnerability and stated they were releasing in on May 3rd, 2019.
	>
	> ------------------------------------------
	>
	> [Vulnerability Type]
	> Buffer Overflow
	>
	> ------------------------------------------
	>
	> [Vendor of Product]
	> Hanwah Techwin
	>
	> ------------------------------------------
	>
	> [Affected Product Code Base]
	> SRN-472s - 1.07_190502
	> SRN-x - All releases prior to May 3, 2019
	>
	> ------------------------------------------
	>
	> [Affected Component]
	> Network Video Recording hardware.
	>
	> ------------------------------------------
	>
	> [Attack Type]
	> Remote
	>
	> ------------------------------------------
	>
	> [Impact Denial of Service]
	> true
	>
	> ------------------------------------------
	>
	> [Attack Vectors]
	> To exploit this vulnerability, the attacker must supply a username in
	> excess of 117 characters to the login form for the WebViewer console.
	>
	> ------------------------------------------
	>
	> [Reference]
	> https://www.hanwha-security.com/en/products/video-recorder/nvr/ch4/SRN-472S/overview/
	>
	> ------------------------------------------
	>
	> [Has vendor confirmed or acknowledged the vulnerability?]
	> true
	>
	> ------------------------------------------
	>
	> [Discoverer]
	> Dustin Noe, NovCon Solutions LLC