Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
0

CVE-2019-13523

Disclosure Date: September 26, 2019
CVE-2019-13523 CVSS v3 Base Score: 5.3
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network. Affected performance IP Cameras: HBD3PR2,H4D3PRV3,HED3PR3,H4D3PRV2,HBD3PR1,H4W8PR2,HBW8PR2,H2W2PC1M,H2W4PER3,H2W2PER3,HEW2PER3,HEW4PER3B,HBW2PER1,HEW4PER2,HEW4PER2B,HEW2PER2,H4W2PER2,HBW2PER2,H4W2PER3, and HPW2P1. Affected Performance Series NVRs: HEN08104,HEN08144,HEN081124,HEN16104,HEN16144,HEN16184,HEN16204,HEN162244,HEN16284,HEN16304,HEN16384,HEN32104,HEN321124,HEN32204,HEN32284,HEN322164,HEN32304, HEN32384,HEN323164,HEN64204,HEN64304,HEN643164,HEN643324,HEN643484,HEN04103,HEN04113,HEN04123,HEN08103,HEN08113,HEN08123,HEN08143,HEN16103,HEN16123,HEN16143,HEN16163,HEN04103L,HEN08103L,HEN16103L,HEN32103L.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
5.3 Medium
Impact Score:
1.4
Exploitability Score:
3.9
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
Low
Integrity (I):
None
Availability (A):
None

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
Performance IP Cameras HBD3PR2
Performance IP Cameras H4D3PRV3
Performance IP Cameras HED3PR3
Performance IP Cameras H4D3PRV2
Performance IP Cameras HBD3PR1
Performance IP Cameras H4W8PR2
Performance IP Cameras HBW8PR2
Performance IP Cameras H2W2PC1M
Performance IP Cameras H2W4PER3
Performance IP Cameras H2W2PER3
Performance IP Cameras HEW2PER3
Performance IP Cameras HEW4PER3B
Performance IP Cameras HBW2PER1
Performance IP Cameras HEW4PER2
Performance IP Cameras HEW4PER2B
Performance IP Cameras HEW2PER2
Performance IP Cameras H4W2PER2
Performance IP Cameras HBW2PER2
Performance IP Cameras H4W2PER3
Performance IP Cameras HPW2P1
Performance NVRs HEN08104
Performance NVRs HEN08144
Performance NVRs HEN081124
Performance NVRs HEN16104
Performance NVRs HEN16144
Performance NVRs HEN16184
Performance NVRs HEN16204
Performance NVRs HEN162244
Performance NVRs HEN16284
Performance NVRs HEN16304
Performance NVRs HEN16384
Performance NVRs HEN32104
Performance NVRs HEN321124
Performance NVRs HEN32204
Performance NVRs HEN32284
Performance NVRs HEN322164
Performance NVRs HEN32304
Performance NVRs HEN32384
Performance NVRs HEN323164
Performance NVRs HEN64204
Performance NVRs HEN64304
Performance NVRs HEN643164
Performance NVRs HEN643324
Performance NVRs HEN643484
Performance NVRs HEN04103
Performance NVRs HEN04113
Performance NVRs HEN04123
Performance NVRs HEN08103
Performance NVRs HEN08113
Performance NVRs HEN08123
Performance NVRs HEN08143
Performance NVRs HEN16103
Performance NVRs HEN16123
Performance NVRs HEN16143
Performance NVRs HEN16163
Performance NVRs HEN04103L
Performance NVRs HEN08103L
Performance NVRs HEN16103L
Performance NVRs HEN32103L
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis