CVE-2023-5747

7.2 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on HanwhaVision camera devices during Wave server installation via command injection. Affected systems are HanwhaVision cameras running vulnerable firmware versions. Attackers can gain full control of the camera device.

💻 Affected Systems

Products:
  • HanwhaVision cameras with Wave server application
Versions: Specific vulnerable versions not specified in provided description; refer to HanwhaVision security report
Operating Systems: Embedded Linux systems on HanwhaVision cameras
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists during Wave server installation process on camera devices

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of camera device allowing attacker to install persistent malware, pivot to internal networks, disable security features, or use camera as botnet node.

🟠 Likely Case

Attacker gains shell access to camera device, can modify configurations, exfiltrate video feeds, or disrupt camera functionality.

🟢 If Mitigated

With proper network segmentation and access controls, impact limited to isolated camera network segment.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Command injection vulnerabilities typically have low exploitation complexity once the injection point is identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patched firmware versions available from HanwhaVision

Vendor Advisory: https://www.hanwhavision.com/wp-content/uploads/2023/11/Camera-Vulnerability-Report-CVE-2023-5747_20231113.pdf

Restart Required: Yes

Instructions:

1. Download latest firmware from HanwhaVision support portal.
2. Upload firmware to camera via web interface.
3. Apply firmware update.
4. Reboot camera to complete installation.

🔧 Temporary Workarounds

  • Network segmentation (all): Isolate the camera network from critical systems and the internet
  • Access control restrictions (all): Restrict network access to camera management interfaces

🧯 If You Can't Patch

  • Segment camera network completely from other systems using firewall rules
  • Disable remote management features if not required

🔍 How to Verify

Check if Vulnerable:

Check camera firmware version against HanwhaVision's vulnerability report

Check Version:

Check via camera web interface: System > Information > Firmware Version

Verify Fix Applied:

Verify firmware version matches patched version from vendor advisory

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution in system logs
  • Failed authentication attempts to camera management interface
  • Unexpected firmware installation attempts

Network Indicators:

  • Unusual outbound connections from camera devices
  • Traffic to unexpected ports from camera management interface

SIEM Query:

source="camera_logs" AND ("command injection" OR "unauthorized access" OR "firmware install")
