Important firmware update: NVR authenticated access vulnerability report

18 May 2017

Dear Valued STEP Partners,

There was a recent report that a vulnerability has been found in the firmware of certain Hanwha NVR products.

Hanwha Techwin Europe is taking proactive measures to address the issue and would like to share the details with you.

Please refer to the link below for the details, and contact your local Hanwha Techwin team with any further inquiries.

Click here for the Vulnerability Report  

Vulnerability details:

  • A specially crafted HTTP request and response could allow an attacker to gain access to the device management page with admin privileges without proper authentication.
  • To exploit the vulnerability successfully, an attacker needs to use a computer that has previously logged in properly to an NVR.
  • Cached files stored on the computer from previous sessions can trigger the exploit. Affected devices are at immediate risk of attack from any computer that has previously logged in to them.
  • An attacker cannot exploit this vulnerability from a computer that has never properly accessed the affected Hanwha devices.
  • ICS-CERT link: https://ics-cert.us-cert.gov/advisories/ICSA-17-136-03

Affected products:

  • SRN-4000 NVR firmware prior to v2.16_170401.zip
  • SRN-1673S/873S/473S NVR firmware prior to v1.08_160811.zip

Link to the new FW:

SRN-4000

SRN-xx73S

Mitigation:

Hanwha recommends upgrading all affected products to the new firmware.

Hanwha Techwin Europe
www.hanwha-security.eu
