CVE-2023-31996

high-risk

Published 2023-05-23

Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Command Injection due to improper sanitization of special characters for the NAS storage test function.

Do I need to act?

1.4% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (20)

Ane-L6012R Firmware

Ane-L7012R Firmware

Ano-L6012R Firmware

Ano-L6022R Firmware

Ano-L6082R Firmware

Ano-L7012R Firmware

Ano-L7022R Firmware

Ano-L7082R Firmware

Anv-L6012R Firmware

Anv-L6023R Firmware

Anv-L6082R Firmware

Anv-L7012R Firmware

Anv-L7082R Firmware

Pnm-12082Rvd Firmware

Pnm-7002Vd Firmware

Pnm-7082Rvd Firmware

Pnm-8082Vt Firmware

Pnm-9000Qb Firmware

Pnm-9000Vd Firmware

Pnm-9002Vq Firmware

Affected Vendors

Hanwhavision

References (4)

Vendor Advisory https://hanwhavisionamerica.com/download/50042/

Vendor Advisory https://www.hanwhavision.com/wp-content/uploads/2023/04/Camera-Vulnerability-Rep...

Vendor Advisory https://hanwhavisionamerica.com/download/50042/

Vendor Advisory https://www.hanwhavision.com/wp-content/uploads/2023/04/Camera-Vulnerability-Rep...

/ 100

high-risk

Severity 30/34 · Critical

Exploitability 4/34 · Minimal

Exposure 31/34 · Critical