Details of VAR-201803-1777

ID

VAR-201803-1777

CVE

CVE-2018-6300

TITLE

Hanwha Techwin Smartcam Vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2018-002848

DESCRIPTION

Remote password change in Hanwha Techwin Smartcams. Hanwha Techwin Smartcam Vulnerabilities related to certificate and password management exist in the firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HanwhaTechwinSmartcam is a series of security surveillance cameras based on cloud services. Hanwha Techwin Smartcams is a cloud-based security monitoring device from Hanwha Korea. There is a security flaw in Hanwha Techwin Smartcams

Trust: 2.25

sources: NVD: CVE-2018-6300 // JVNDB: JVNDB-2018-002848 // CNVD: CNVD-2018-05235 // VULHUB: VHN-136332

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-05235

AFFECTED PRODUCTS

vendor:	hanwha security	model:	snh-v6410pn	scope:	eq	version:	-	Trust: 1.6
vendor:	hanwha security	model:	snh-v6410pnw	scope:	eq	version:	-	Trust: 1.6
vendor:	hanwha techwin	model:	snh-v6410pn	scope:	-	version:	-	Trust: 0.8
vendor:	hanwha techwin	model:	snh-v6410pnw	scope:	-	version:	-	Trust: 0.8
vendor:	hanwha	model:	techwin smartcams	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2018-05235 // JVNDB: JVNDB-2018-002848 // CNNVD: CNNVD-201803-385 // NVD: CVE-2018-6300

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-6300
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-6300
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2018-05235
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201803-385
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-136332
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-6300
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-05235
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-136332
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-6300
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-05235 // VULHUB: VHN-136332 // JVNDB: JVNDB-2018-002848 // CNNVD: CNNVD-201803-385 // NVD: CVE-2018-6300

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-255	Trust: 0.9

sources: VULHUB: VHN-136332 // JVNDB: JVNDB-2018-002848 // NVD: CVE-2018-6300

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-385

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201803-385

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-002848

PATCH

title:	SNH-V6410PN/PNW	url:	https://www.hanwha-security.eu/home-security-products/snh-v6410pn/	Trust: 0.8
title:	HanwhaTechwinSmartcam Remote Password Change Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/121441	Trust: 0.6
title:	Hanwha Techwin Smartcams Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79080	Trust: 0.6

sources: CNVD: CNVD-2018-05235 // JVNDB: JVNDB-2018-002848 // CNNVD: CNNVD-201803-385

EXTERNAL IDS

db:	NVD	id:	CVE-2018-6300	Trust: 3.1
db:	JVNDB	id:	JVNDB-2018-002848	Trust: 0.8
db:	CNVD	id:	CNVD-2018-05235	Trust: 0.6
db:	CNNVD	id:	CNNVD-201803-385	Trust: 0.6
db:	VULHUB	id:	VHN-136332	Trust: 0.1

sources: CNVD: CNVD-2018-05235 // VULHUB: VHN-136332 // JVNDB: JVNDB-2018-002848 // CNNVD: CNNVD-201803-385 // NVD: CVE-2018-6300

REFERENCES

url:	https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-6300	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6300	Trust: 0.8

sources: CNVD: CNVD-2018-05235 // VULHUB: VHN-136332 // JVNDB: JVNDB-2018-002848 // CNNVD: CNNVD-201803-385 // NVD: CVE-2018-6300

SOURCES

db:	CNVD	id:	CNVD-2018-05235
db:	VULHUB	id:	VHN-136332
db:	JVNDB	id:	JVNDB-2018-002848
db:	CNNVD	id:	CNNVD-201803-385
db:	NVD	id:	CVE-2018-6300

LAST UPDATE DATE

2024-11-23T22:45:24.931000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-05235	date:	2018-03-14T00:00:00
db:	VULHUB	id:	VHN-136332	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-002848	date:	2018-05-02T00:00:00
db:	CNNVD	id:	CNNVD-201803-385	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-6300	date:	2024-11-21T04:10:26.490

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-05235	date:	2018-03-14T00:00:00
db:	VULHUB	id:	VHN-136332	date:	2018-03-13T00:00:00
db:	JVNDB	id:	JVNDB-2018-002848	date:	2018-05-02T00:00:00
db:	CNNVD	id:	CNNVD-201803-385	date:	2018-03-16T00:00:00
db:	NVD	id:	CVE-2018-6300	date:	2018-03-13T17:29:00.653