Auth bypass in Honeywell H2w2pc1m
CVE-2019-13523
In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), whi…
Vulnerability class: Information Disclosure
EPSS: 0.018 (76.2th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.
Affected products
Weakness classification (CWE)
References
- ics-cert@hq.dhs.gov (US Government Resource, Third Party Advisory, x_refsource_MISC, Mitigation)
Frequently asked questions
- What is CVE-2019-13523?
- CVE-2019-13523 is a medium-severity vulnerability in Honeywell H2w2pc1m, classified under Information Disclosure. CVSS score: 5.3/10. Published 2019-09-26.
- How severe is CVE-2019-13523?
- Medium severity. CVSS v3 base score is 5.3 out of 10.