Details of VAR-201803-1771

ID

VAR-201803-1771

CVE

CVE-2018-6294

TITLE

Hanwha Techwin Smartcam Vulnerabilities related to authentication in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2018-002842

DESCRIPTION

Unsecured way of firmware update in Hanwha Techwin Smartcams. Hanwha Techwin Smartcam Authentication firmware contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HanwhaTechwinSmartcam is a series of security surveillance cameras based on cloud services. There is currently no detailed vulnerability description. Hanwha Techwin Smartcams is a cloud-based security monitoring device from Hanwha Korea. There is a security flaw in Hanwha Techwin Smartcams

Trust: 2.25

sources: NVD: CVE-2018-6294 // JVNDB: JVNDB-2018-002842 // CNVD: CNVD-2018-07060 // VULHUB: VHN-136326

IOT TAXONOMY

category:	['Network device']	sub_category:	-	Trust: 0.6
category:	['camera device']	sub_category:	camera	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2018-07060

AFFECTED PRODUCTS

vendor:	hanwha security	model:	snh-v6410pn	scope:	eq	version:	-	Trust: 1.6
vendor:	hanwha security	model:	snh-v6410pnw	scope:	eq	version:	-	Trust: 1.6
vendor:	hanwha techwin	model:	snh-v6410pn	scope:	-	version:	-	Trust: 0.8
vendor:	hanwha techwin	model:	snh-v6410pnw	scope:	-	version:	-	Trust: 0.8
vendor:	hanwha	model:	techwin smartcams	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2018-07060 // JVNDB: JVNDB-2018-002842 // CNNVD: CNNVD-201803-391 // NVD: CVE-2018-6294

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-6294
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-6294
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2018-07060
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201803-391
value:	HIGH
Trust: 0.6
VULHUB:	VHN-136326
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-6294
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-07060
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-136326
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-6294
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-07060 // VULHUB: VHN-136326 // JVNDB: JVNDB-2018-002842 // CNNVD: CNNVD-201803-391 // NVD: CVE-2018-6294

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-136326 // JVNDB: JVNDB-2018-002842 // NVD: CVE-2018-6294

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-391

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201803-391

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-002842

PATCH

title:	SNH-V6410PN/PNW	url:	https://www.hanwha-security.eu/home-security-products/snh-v6410pn/	Trust: 0.8
title:	HanwhaTechwinSmartcam Unsafe Firmware Update Method Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/124841	Trust: 0.6
title:	Hanwha Techwin Smartcams Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79086	Trust: 0.6

sources: CNVD: CNVD-2018-07060 // JVNDB: JVNDB-2018-002842 // CNNVD: CNNVD-201803-391

EXTERNAL IDS

db:	NVD	id:	CVE-2018-6294	Trust: 3.2
db:	JVNDB	id:	JVNDB-2018-002842	Trust: 0.8
db:	CNVD	id:	CNVD-2018-07060	Trust: 0.6
db:	CNNVD	id:	CNNVD-201803-391	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULHUB	id:	VHN-136326	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2018-07060 // VULHUB: VHN-136326 // JVNDB: JVNDB-2018-002842 // CNNVD: CNNVD-201803-391 // NVD: CVE-2018-6294

REFERENCES

url:	https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-6294	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6294	Trust: 0.8
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2018-07060 // VULHUB: VHN-136326 // JVNDB: JVNDB-2018-002842 // CNNVD: CNNVD-201803-391 // NVD: CVE-2018-6294

SOURCES

db:	OTHER	id:	-
db:	CNVD	id:	CNVD-2018-07060
db:	VULHUB	id:	VHN-136326
db:	JVNDB	id:	JVNDB-2018-002842
db:	CNNVD	id:	CNNVD-201803-391
db:	NVD	id:	CVE-2018-6294

LAST UPDATE DATE

2025-01-30T20:36:14.325000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-07060	date:	2018-04-04T00:00:00
db:	VULHUB	id:	VHN-136326	date:	2018-04-09T00:00:00
db:	JVNDB	id:	JVNDB-2018-002842	date:	2018-05-02T00:00:00
db:	CNNVD	id:	CNNVD-201803-391	date:	2018-03-16T00:00:00
db:	NVD	id:	CVE-2018-6294	date:	2024-11-21T04:10:25.717

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-07060	date:	2018-04-04T00:00:00
db:	VULHUB	id:	VHN-136326	date:	2018-03-13T00:00:00
db:	JVNDB	id:	JVNDB-2018-002842	date:	2018-05-02T00:00:00
db:	CNNVD	id:	CNNVD-201803-391	date:	2018-03-16T00:00:00
db:	NVD	id:	CVE-2018-6294	date:	2018-03-13T17:29:00.327