Hanwha Vision Announces Critical Security Updates for NVR and DVR Models

Hanwha Vision, a leader in surveillance technology, has swiftly responded to significant cybersecurity threats identified in several of its network video recorders (NVR) and digital video recorders (DVR). These threats, detailed in recent security advisories, outline vulnerabilities that could potentially allow unauthorized remote code execution and compromise device security.

Overview of the Vulnerabilities:

Hanwha Vision’s S-CERT team reported multiple critical vulnerabilities identified by external cybersecurity researchers. CVE-2023-6095 and CVE-2023-6096 were discovered by a Ukrainian customer, Vladimir Kononovich, affecting various models with issues ranging from remote code execution due to stack overflow to vulnerabilities due to improper encryption logic. Another significant vulnerability, CVE-2023-6116, discovered by Team ENVY, similarly allows remote code execution through manipulated HTTP URL parameters.

• CVE-2023-6095 (CVSS 8.9) and CVE-2023-6096 (CVSS 7.4) – These vulnerabilities affect the device’s ability to securely handle and encrypt data, potentially allowing attackers to inject arbitrary code and manipulate device operations without authentication. The affected models include various iterations of the XRN and HRX series among others.
• CVE-2023-6116 (CVSS 8.9) – This vulnerability particularly affects the XRN-420S among other models and involves a stack overflow that can be exploited remotely. Although exploitation chances are technically low due to the need for specific memory address knowledge, the potential impact is considered high.

Affected Products:

The vulnerabilities impact a wide range of models, including but not limited to:

• XRN-2010, XRN-3010A, HRX-1620, HRX-420
• QRN-810, XRN-420S

These models span various firmware versions, with those affected requiring immediate updates to mitigate risk.

Actions Taken by Hanwha Vision:

In response to these vulnerabilities, Hanwha Vision has proactively issued updated firmware versions for all impacted models. This is despite some models being out of the regular support window due to discontinuation. The company prioritizes customer security and has made the updates available through the Wisenet Device Manager tool and directly from the Hanwha Vision websites.

Recommendations for Users:

Hanwha Vision advises all users of the affected models to update their devices immediately to the latest firmware versions to protect against these vulnerabilities. Users can access the updates through the recommended Wisenet Device Manager tool or by visiting Hanwha Vision’s official support pages.

Conclusion:

The discovery of these vulnerabilities highlights the continuous risks associated with networked security devices and underscores the importance of maintaining up-to-date firmware. Device administrators are urged to ensure that their firmware is always current and to monitor advisories from Hanwha Vision for any future updates.