Description
Penetration Testing engineers at Amazon have discovered a flaw where the camera system fails to properly handle data supplied in certain requests, causing a service disruption. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
Published: 2026-04-28
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Service Disruption
Action: Patch Firmware
AI Analysis

Impact

The flaw in the Hanwha Vision QND-8080R camera system arises from missing error and exception handling when processing certain incoming requests, causing the service to crash or become unresponsive. This results in a denial‑of‑service condition that can prevent the camera from delivering video or telemetry, leading to loss of availability. The weakness is an input validation issue (CWE‑20). No information about confidentiality or integrity impact is provided.

Affected Systems

The affected product is the Hanwha Vision QND-8080R camera model, as specified by the CNA. No additional vendor or version details are listed beyond the model identifier.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate level of severity. EPSS data is not reported, and the vulnerability is not in the CISA KEV catalog. The likely attack vector is remote delivery of malformed requests over the network to the camera service, as the description indicates failures during request processing. The flaw does not mention the need for authenticated access; therefore, it is inferred that unauthenticated users could potentially trigger the disruption. Remediation includes applying the vendor’s firmware patch.

Generated by OpenCVE AI on April 28, 2026 at 12:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the camera firmware to the latest version released by Hanwha Vision as described in the manufacturer’s security report.
  • Implement any interim mitigations recommended by the manufacturer, such as limiting the camera’s exposure to untrusted networks.
  • Segment the camera network and apply strict access controls to reduce the risk of service disruption.

Generated by OpenCVE AI on April 28, 2026 at 12:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 28 Apr 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Hanwhavision
Hanwhavision qnd-8080r
Vendors & Products Hanwhavision
Hanwhavision qnd-8080r

Tue, 28 Apr 2026 07:30:00 +0000

Type Values Removed Values Added
Description Penetration Testing engineers at Amazon have discovered a flaw where the camera system fails to properly handle data supplied in certain requests, causing a service disruption. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
Title Missing Error/Exception Handling
Weaknesses CWE-20
References
Metrics cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N'}

Subscriptions

Hanwhavision Qnd-8080r
cve-icon MITRE

Status: PUBLISHED

Assigner: Hanwha_Vision

Published:

Updated: 2026-04-28T12:28:46.913Z

Reserved: 2024-11-27T00:56:05.852Z

Link: CVE-2024-54011

cve-icon Vulnrichment

Updated: 2026-04-28T12:28:42.752Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-28T08:15:59.917

Modified: 2026-04-28T20:11:56.713

Link: CVE-2024-54011

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T12:30:31Z

Weaknesses