{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in NVR WebViewer on Hanwah Techwin SRN-472s 1.07_190502 devices, and other SRN-x devices before 2019-05-03. A system crash and reboot can be achieved by submitting a long username in excess of 117 characters. The username triggers a buffer overflow in the main process controlling operation of the DVR system, rendering services unavailable during the reboot operation. A repeated attack affects availability as long as the attacker has network access to the device."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-09-05T14:55:03", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.hanwha-security.com/en/products/video-recorder/nvr/ch4/SRN-472S/overview/"}, {"tags": ["x_refsource_MISC"], "url": "https://medium.com/%40noe.dustin/samsung-webviewer-remote-dos-vulberability-cve-2019-12223-5f4afbc83fbd"}, {"tags": ["x_refsource_MISC"], "url": "https://gist.github.com/dustinnoe/66f91573a0080c9fb2c21819d8805a82"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-12223", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in NVR WebViewer on Hanwah Techwin SRN-472s 1.07_190502 devices, and other SRN-x devices before 2019-05-03. A system crash and reboot can be achieved by submitting a long username in excess of 117 characters. The username triggers a buffer overflow in the main process controlling operation of the DVR system, rendering services unavailable during the reboot operation. A repeated attack affects availability as long as the attacker has network access to the device."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.hanwha-security.com/en/products/video-recorder/nvr/ch4/SRN-472S/overview/", "refsource": "MISC", "url": "https://www.hanwha-security.com/en/products/video-recorder/nvr/ch4/SRN-472S/overview/"}, {"name": "https://medium.com/@noe.dustin/samsung-webviewer-remote-dos-vulberability-cve-2019-12223-5f4afbc83fbd", "refsource": "MISC", "url": "https://medium.com/@noe.dustin/samsung-webviewer-remote-dos-vulberability-cve-2019-12223-5f4afbc83fbd"}, {"name": "https://gist.github.com/dustinnoe/66f91573a0080c9fb2c21819d8805a82", "refsource": "MISC", "url": "https://gist.github.com/dustinnoe/66f91573a0080c9fb2c21819d8805a82"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T23:17:38.922Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.hanwha-security.com/en/products/video-recorder/nvr/ch4/SRN-472S/overview/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://medium.com/%40noe.dustin/samsung-webviewer-remote-dos-vulberability-cve-2019-12223-5f4afbc83fbd"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gist.github.com/dustinnoe/66f91573a0080c9fb2c21819d8805a82"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-12223", "datePublished": "2019-09-05T14:55:03", "dateReserved": "2019-05-20T00:00:00", "dateUpdated": "2024-08-04T23:17:38.922Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hanwha-security:srn-472s_firmware:1.07_190502:*:*:*:*:*:*:*", "matchCriteriaId": "F4AF0105-373B-4964-B608-53B861F0BAE6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hanwha-security:srn-472s:-:*:*:*:*:*:*:*", "matchCriteriaId": "56837BCD-EF7E-4BC7-ABD2-98F0D3B47228", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hanwha-security:srn-873s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BB7E9246-B9FC-4DCC-88EE-7D6615A7779C", "versionEndExcluding": "2019-05-03", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hanwha-security:srn-873s:-:*:*:*:*:*:*:*", "matchCriteriaId": "C60F82C4-EA5C-430A-A122-DD4735A250C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hanwha-security:srn-1673s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "82CBA0ED-BB76-4637-BF9F-C69EB6549988", "versionEndExcluding": "2019-05-03", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hanwha-security:srn-1673s:-:*:*:*:*:*:*:*", "matchCriteriaId": "7BCE4607-4FB6-4682-8383-EB89D507A14F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in NVR WebViewer on Hanwah Techwin SRN-472s 1.07_190502 devices, and other SRN-x devices before 2019-05-03. A system crash and reboot can be achieved by submitting a long username in excess of 117 characters. The username triggers a buffer overflow in the main process controlling operation of the DVR system, rendering services unavailable during the reboot operation. A repeated attack affects availability as long as the attacker has network access to the device."}, {"lang": "es", "value": "Se detect\u00f3 un problema en NVR WebViewer en los dispositivos Hanwah Techwin SRN-472s versi\u00f3n 1.07_190502 y otros dispositivos SRN-x en versiones anteriores a la 2019-05-03. Se puede lograr un bloqueo y reinicio del sistema enviando un nombre de usuario largo de m\u00e1s de 117 caracteres. El nombre de usuario desencadena un desbordamiento del b\u00fafer en el proceso principal que controla la operaci\u00f3n del sistema DVR, lo que hace que los servicios no est\u00e9n disponibles durante la operaci\u00f3n de reinicio. Un ataque repetido afecta la disponibilidad siempre que el atacante tenga acceso de red al dispositivo."}], "id": "CVE-2019-12223", "lastModified": "2023-11-07T03:03:30.143", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-09-05T15:15:11.783", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gist.github.com/dustinnoe/66f91573a0080c9fb2c21819d8805a82"}, {"source": "cve@mitre.org", "url": "https://medium.com/%40noe.dustin/samsung-webviewer-remote-dos-vulberability-cve-2019-12223-5f4afbc83fbd"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://www.hanwha-security.com/en/products/video-recorder/nvr/ch4/SRN-472S/overview/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}