Auth bypass in Honeywell H2w2pc1m

CVE-2019-13523

In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), whi…

Vulnerability class: Information Disclosure

EPSS: 0.018 (76.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Weakness classification (CWE)

References

  • ics-cert@hq.dhs.gov (US Government Resource, Third Party Advisory, x_refsource_MISC, Mitigation)

Frequently asked questions

What is CVE-2019-13523?
CVE-2019-13523 is a medium-severity vulnerability in Honeywell H2w2pc1m, classified under Information Disclosure. CVSS score: 5.3/10. Published 2019-09-26.
How severe is CVE-2019-13523?
Medium severity. CVSS v3 base score is 5.3 out of 10.