CVE-2023-31994

high-risk

Published 2023-05-23

Certain Hanwha products are vulnerable to Denial of Service (DoS). ck vector is: When an empty UDP packet is sent to the listening service, the service thread results in a non-functional service (DoS) via WS Discovery and Hanwha proprietary discovery services. This affects IP Camera ANE-L7012R 1.41.01 and IP Camera XNV-9082R 2.10.02.

Do I need to act?

0.13% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

NETWORK / LOW complexity

Affected Products (20)

Ane-L6012R Firmware

Ane-L7012R Firmware

Ano-L6012R Firmware

Ano-L6022R Firmware

Ano-L6082R Firmware

Ano-L7012R Firmware

Ano-L7022R Firmware

Ano-L7082R Firmware

Anv-L6012R Firmware

Anv-L6023R Firmware

Anv-L6082R Firmware

Anv-L7012R Firmware

Anv-L7082R Firmware

Arn-1610S Firmware

Arn-410S Firmware

Arn-810S Firmware

Lnd-6010R Firmware

Lnd-6011R Firmware

Lnd-6012R Firmware

Lnd-6020R Firmware

Affected Vendors

Hanwhavision

References (4)

Vendor Advisory https://hanwhavisionamerica.com/download/50042/

Broken Link https://www.hanwhavision.com/wp-content/uploads/2023/04/Camera-Vulnerability-Rep...

Vendor Advisory https://hanwhavisionamerica.com/download/50042/

Broken Link https://www.hanwhavision.com/wp-content/uploads/2023/04/Camera-Vulnerability-Rep...

/ 100

high-risk

Severity 21/34 · High

Exploitability 1/34 · Minimal

Exposure 33/34 · Critical