Vulnerability in Hanwha Vision Co., Ltd. Xrn-420s

CVE-2024-41885

Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. The seed string for the encrypt key was hardcoding. The manufacturer has released patch firmware for the flaw, please refer to the man…

EPSS: 0.008 (74.2th percentile) — read the EPSS interpretation.

Affected products

Hanwha Vision Co., Ltd. Xrn-420s — versions 5.01.62 and prior versions

Weakness classification (CWE)

CWE-547 — Use of Hard-coded, Security-relevant Constants

References

www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-20… (vendor-advisory)