Focus on hanwha-security vulnerabilities and metrics.
Last updated: 08 Mar 2025, 23:25 UTC
This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with hanwha-security. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.
For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.
Total hanwha-security CVEs: 14
Earliest CVE date: 13 Feb 2017, 21:59 UTC
Latest CVE date: 05 Sep 2019, 15:15 UTC
Latest CVE reference: CVE-2019-12223
30-day Count (Rolling): 0
365-day Count (Rolling): 0
Calendar-based Variation
Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.
Month Variation (Calendar): 0%
Year Variation (Calendar): 0%
Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%
Average CVSS: 6.24
Max CVSS: 10.0
Critical CVEs (≥9): 1
| Range | Count |
|---|---|
| 0.0-3.9 | 0 |
| 4.0-6.9 | 8 |
| 7.0-8.9 | 5 |
| 9.0-10.0 | 1 |
These are the five CVEs with the highest CVSS scores for hanwha-security, sorted by severity first and recency.
An issue was discovered in NVR WebViewer on Hanwah Techwin SRN-472s 1.07_190502 devices, and other SRN-x devices before 2019-05-03. A system crash and reboot can be achieved by submitting a long username in excess of 117 characters. The username triggers a buffer overflow in the main process controlling operation of the DVR system, rendering services unavailable during the reboot operation. A repeated attack affects availability as long as the attacker has network access to the device.
Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewer_login_page data3 parameter. (The same Web Viewer codebase was transitioned from Samsung to Hanwha.)
Denial of service by uploading malformed firmware in Hanwha Techwin Smartcams
Denial of service by blocking of new camera registration on the cloud server in Hanwha Techwin Smartcams
Arbitrary camera access and monitoring via cloud in Hanwha Techwin Smartcams
Remote password change in Hanwha Techwin Smartcams
Authentication bypass in Hanwha Techwin Smartcams
Remote code execution in Hanwha Techwin Smartcams
Buffer overflow in Hanwha Techwin Smartcams
An undocumented (hidden) capability for switching the web interface in Hanwha Techwin Smartcams
Unencrypted way of remote control and communications in Hanwha Techwin Smartcams
Unsecured way of firmware update in Hanwha Techwin Smartcams
An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Cross Site Request Forgery vulnerabilities have been identified. The flaws exist within the Redis and Apache Felix Gogo servers that are installed as part of this product. By issuing specific HTTP Post requests, an attacker can gain system level access to a remote shell session. Smart Security Manager Versions 1.5 and prior are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution.
An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Path Traversal vulnerabilities have been identified. The flaws exist within the ActiveMQ Broker service that is installed as part of the product. By issuing specific HTTP requests, if a user visits a malicious page, an attacker can gain access to arbitrary files on the server. Smart Security Manager Versions 1.4 and prior to 1.31 are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution.