Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2019-13523

UNKNOWN
Published 2019-09-26T14:22:59
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2019-13523. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network. Affected performance IP Cameras: HBD3PR2,H4D3PRV3,HED3PR3,H4D3PRV2,HBD3PR1,H4W8PR2,HBW8PR2,H2W2PC1M,H2W4PER3,H2W2PER3,HEW2PER3,HEW4PER3B,HBW2PER1,HEW4PER2,HEW4PER2B,HEW2PER2,H4W2PER2,HBW2PER2,H4W2PER3, and HPW2P1. Affected Performance Series NVRs: HEN08104,HEN08144,HEN081124,HEN16104,HEN16144,HEN16184,HEN16204,HEN162244,HEN16284,HEN16304,HEN16384,HEN32104,HEN321124,HEN32204,HEN32284,HEN322164,HEN32304, HEN32384,HEN323164,HEN64204,HEN64304,HEN643164,HEN643324,HEN643484,HEN04103,HEN04113,HEN04123,HEN08103,HEN08113,HEN08123,HEN08143,HEN16103,HEN16123,HEN16143,HEN16163,HEN04103L,HEN08103L,HEN16103L,HEN32103L.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Honeywell

Performance IP Cameras

Affected Versions:

HBD3PR2 H4D3PRV3 HED3PR3 H4D3PRV2 HBD3PR1 H4W8PR2 HBW8PR2 H2W2PC1M H2W4PER3 H2W2PER3 HEW2PER3 HEW4PER3B HBW2PER1 HEW4PER2 HEW4PER2B HEW2PER2 H4W2PER2 HBW2PER2 H4W2PER3 HPW2P1
Honeywell

Performance NVRs

Affected Versions:

HEN08104 HEN08144 HEN081124 HEN16104 HEN16144 HEN16184 HEN16204 HEN162244 HEN16284 HEN16304 HEN16384 HEN32104 HEN321124 HEN32204 HEN32284 HEN322164 HEN32304 HEN32384 HEN323164 HEN64204 HEN64304 HEN643164 HEN643324 HEN643484 HEN04103 HEN04113 HEN04123 HEN08103 HEN08113 HEN08123 HEN08143 HEN16103 HEN16123 HEN16143 HEN16163 HEN04103L HEN08103L HEN16103L HEN32103L

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-6j5f-pm23-xcwq

Advisory Details

In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network. Affected performance IP Cameras: HBD3PR2,H4D3PRV3,HED3PR3,H4D3PRV2,HBD3PR1,H4W8PR2,HBW8PR2,H2W2PC1M,H2W4PER3,H2W2PER3,HEW2PER3,HEW4PER3B,HBW2PER1,HEW4PER2,HEW4PER2B,HEW2PER2,H4W2PER2,HBW2PER2,H4W2PER3, and HPW2P1. Affected Performance Series NVRs: HEN08104,HEN08144,HEN081124,HEN16104,HEN16144,HEN16184,HEN16204,HEN162244,HEN16284,HEN16304,HEN16384,HEN32104,HEN321124,HEN32204,HEN32284,HEN322164,HEN32304, HEN32384,HEN323164,HEN64204,HEN64304,HEN643164,HEN643324,HEN643484,HEN04103,HEN04113,HEN04123,HEN08103,HEN08113,HEN08123,HEN08143,HEN16103,HEN16123,HEN16143,HEN16163,HEN04103L,HEN08103L,HEN16103L,HEN32103L.

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2019-13523
WEB https://www.us-cert.gov/ics/advisories/icsa-19-260-03

Advisory provided by GitHub Security Advisory Database. Published: May 24, 2022, Modified: April 4, 2024

References

https://www.us-cert.gov/ics/advisories/icsa-19-260-03
Published: 2019-09-26T14:22:59
Last Modified: 2024-08-04T23:57:39.391Z
Copied to clipboard!