Hanwha Recorder Vulnerability Analyzed

Author: Brian Karas, Published on May 18, 2017

ICS-CERT has released a vulnerability notice for Hanwha SRN-4000 recorders.

Hanwha provided additional information to IPVM about this issue, including other models impacted by the same vulnerability that are not listed on the ICS-CERT release. In this report we provide details on the vulnerability, affected products, and firmware builds for these products to resolve this vulnerability.

***-**** *** ******** ************** ****** *** ****** ***-**** *********.

****** ******** ********** *********** ** **** ***** **** *****, ********* other ****** ******** ** *** **** ************* **** *** *** listed ** *** ***-**** *******. ** **** ****** ** ******* details ** *** *************, ******** ********, *** ******** ****** *** these ******** ** ******* **** *************.

[***************]

Vulnerability ********

*** **** ************ ******:

* ********* ******* **** ******* *** ******** ***** ***** ** attacker ** **** ****** ** *** ****** ********** **** **** admin ********** ******* ****** **************.

****** **** **** **** ************* ** ***** ** ***** ****** in * ********/******* **** * ***** ***** ***** ***** *******. They ***** **** ** ***** ** *********** ********** *** ** attacker *** *** *** ********** ****** ********** ****** ** *** recorder ******* * ****** ***** ** ******** **** ************* ** a ****** ********.

** ** *******, * ****** ******** ******* * **** ** Hanwha ********* ************* *** ******* **** ************* ** **** "**** ****" ****** to ***** *******.

** ****** **** ** ***** **** ** **** ***** ****** Hanwha *********, *** ****** ***** ** ******* ****.

Units ********

******'****-**** ********** ****** ** *** **** **** ********, ****** ****** *** confirmed **** *** ********* ****** *** ****** **** *** *** web ********* *** **** ********* ********:

  • ***-**** ******** ***** ** **.*********
  • ***-***** ******** ***** ** **.*********
  • ***-************ ***** ** **.*********
  • ***-************ ***** ** **.*********

******'* ************* ******, ***** **** *** ******* ** *********, *** ********** *******.

******** *** *** ******** ***** *** ** ********** **********'* ******* ******** ******.

Hanwha ***** ******** *** ****

********* ** ******, **** **** ***** ******** ***** **** ***** in *** ****. ******** ****** *** ************* *** *** ***-****/***/**** models *** ******** ** ****** ****, *** ***-**** ******** *** not ******* ** *** **** ****, *** ** ******** ******** constraints, *** *** **** ******** ** ***** ****. ** ***** credit, ****** *** *********** **** ******* *********** *** ********* *** release *********, *** *** *********** **** ***-**** ******** ******* ****** have **** ********* ** *** **** **** ** *** ***** units.

Pledge ****** ******* ** *** ******

****** **** **** *** ****** * *************-******** ******* ** ***** website, *** *** ********* ** ****** ******** *** ************ ***** for *** ****** *********.

Vulnerability ******/**********

****** **** ************* ** ***** ************ ***** ** *.* ** ***-****, *** ********* ** *** **** ** ***** ** *** be ********, *** *********** **** * **** **** ********** ************ logged **** *** ******** ****** **** **** ***** ********* ** random *********. ************, ******'* ********* *** **** ******* **** ***** cameras, *** ** ******** *** ***** ****** ** ******** ***** to ** ** *** **'* ** ********* (** **********, ****** manufacturers **** ****** **** ******** ** *******). ***** ********* ****** not **** **** ** * ****** ** ***** ********* ******** updates, *** ******** **** ** ***** ** ***** *********, *** the ******** ** ***** ** ***** **** *************** **** ***** any ****** ******** ** ****** * ******.

Call *** ***********

** *** **** ******* **** ********** *********** ** *** *************, especially ************* ******'* ***********, ****** ******* ** ***** ** (****@****.***) and ** **** *********** ****.

Comments (16)

Robert Shih

SavvyTech Security | 05/18/17 06:49pm

****** *** **** **** ** * ******** **** ** ******* from ********, **** **** ********** *** *********. ****** ** **** less ********** **** *** ** ***** *** ** **** **** in *** ********* ***** ****, *** ***** ********* *** ***** doing ***** *** *** ********* ** ****. ***** ** * few **** ** *****, **** *** **** ********* ** ***** scandal ***** ***, ****** **** ******** **** ******* *** ******** from **** ** ****** *** **** ***'* ****** ** ****** else's ********.

**** *****, ******* ***** **** ******* ************* **** * *********** complex ***** **.

John Honovich

IPVM | In reply to Robert Shih | 05/18/17 07:37pm

****** ****** ********** ** ******* ** ** *** ********* *****. Of ******, **** **** *** ** ****** *********** ******.

** * **** ********* **********, ********* *** ******* ** ******** speak ** ** *** **** * ****, ** ********. **********, just ********* * ******* ** *** ******* ********* **** **** was ********** ********* *** ************* ******** **** ****** ******** ** ********* *********** **. * **** * ******* ***** **** ********* ** *** one *** ******* *** ** *** **** ** ******* ** them. ********* ******* ** *******.

Undisclosed Manufacturer #1

In reply to John Honovich | 05/18/17 09:27pm

* ***'* ******* **** *******. **** ** **** * ***** big ***** ****** ****** ** ************* *** ***********.

Undisclosed Integrator #3

In reply to John Honovich | 05/18/17 11:14pm

**** ***** **** ** * ********* ************* **** ********** ***** firmware? ** ***** **** * **** ***** ******* ***.

Thumbnail brk1

Brian Karas

IPVM | In reply to Undisclosed Integrator #3 | 05/18/17 11:40pm

**** **** ****** ********* ** **** ************* ** **** *** sound **** *** ********* ***************, ***** **** ****** ******** *** directory ********* ********.

** *** *** ******* ** *** ******, * ***** **** more ***-*****, ***********, *********** *** ****** *** ******** ***** ** the ****** ** ********-********* ******** *******, *** *** ********* *** exploit. **** ** ******* ** **** *************** ***** ********** *** reported *** **** *******.

Thumbnail marty2016

Marty Calhoun

IPVMU Certified | In reply to Brian Karas | 05/19/17 10:17am

** ******* ** **** ** *********** ** * '*************' *** the **** ********* ******** *** ********* ** * '**** ****'. What ** *** **** ******** ** *** ********** ******* *** two? **** *******, ****** ** ********** ** ******* ***** *********** with *** **********.

Thumbnail brk1

Brian Karas

IPVM | In reply to Marty Calhoun | 05/19/17 11:45am

*** ********* ******** *** **** ********* ** * *************, *** the ************* **** *** * "********".

*** ********* *** ***** *************** **** **** ********* ** ********* were **** ** ***** *** ****** ***** **** ********* ** the *************** ***** *** ** ** **** *****-***** ****** ** any ****** **** ***** ******* **.

**** ****** ************* ** *** ***** ******* **** ** *** properly ******* **** *** ** (** **** *** ******** ******), allowing * ****** *** ******* ****** ** ** ** ***** to ****** *** ****** ***** ******* ***** ******* ******** **************.

*** *********/***** ******** *** * ******** **** ** ******, *** Hanwha ******* ****** **** ******** ******* ** **** ******* *** admin ******.

Undisclosed Manufacturer #4

In reply to Undisclosed Integrator #3 | 05/19/17 04:48am

********* ******** *** ***** * ***** ****** *** **** ********* for *** ******** **. *** **** *** **** **'* *** web ******* *********. ** *** ******* / ******* ** ******* on, *** *** ** ** **** ********!

** ***** **** ** ***** *** ******* ******** ******** **** over, ** *** ********** **** -*** ****** ** ********, *** rush ********** ** ****** ** ***** **** *** ***** *** latest ******** ** ***

********* **** ****** ********* ***** ** ***** *** *** ****** and ******.

****** *********, **** ** ***, **** *********** ********, ****** **** checks, ******* ***** **** **** **** ****** ******* *** ***.

Undisclosed #2

In reply to Undisclosed Manufacturer #4 | 05/19/17 07:08am

** *** ******* / ******* ** ******* **, *** *** to ** **** ********!

**** ********* ***** ** ****** **** ** *** ******** ** based ** ****/******* ****** **** *** **** ********* **** *****?

Undisclosed Integrator #3

In reply to Undisclosed #2 | 05/19/17 06:56pm

* **** ******* ** **** ********'* ******** ** ******** ***** off ** *&* ****. *** ** *** *** ****** * was ****** ***** ******* ** ******** ******* ****** ** *** don't ******** *** *****.

"*****, *******, *** ****** ** ******" - ****** ***** **** Professor.

Undisclosed #2

In reply to Robert Shih | 05/18/17 11:00pm

****** **** *****'* **** *** ********** ********* ** **** ******** accusations ** *********** ***** ** ******. * ***** **** ***** the ******** ******* ********* **** **** **********.

Undisclosed Distributor #5

In reply to Robert Shih | 05/19/17 09:30am

*'** ********* * *** ***** *** ***** *** *** ******* like **** ** **** * ****** *******, **** *** ** not. *'* **** ***** ** * *** ** **** *** choice, *** ** ***** ** **** *** ****.

Undisclosed Manufacturer #6

In reply to Undisclosed Distributor #5 | 05/19/17 02:30pm

* ***** ** *** ** ** **** *** ********** *** issue **. *** * & * ****** ******** ******** ** devices. *** ****** ***** ******* ********* ** **** ** ********* of *****. * ********* ***** ** *********. *********** ****, ******* a ******* ****** ** ****** **** * ******** **** ******, vs. ****** ** ****** ******** ***** ** **********.

John Honovich

IPVM | In reply to Undisclosed Distributor #5 | 05/19/17 02:44pm

***** *** *** ******* **** **** ** **** * ****** article, **** *** ** ***

*********.

*** *******, **** *** ****** ********* ************* ***** **** *** member's ****:********* *********-********** ******** ************************* ***** ******** ************* *********. ****** ***** *********** *** **** ******'* **** ********* *** **** ******.

* ** **** *** ***** **** ** '****' ** ***-********* because *** *** * ********* ***********.

******, ** *** ** ****** *** *** ***** **** **** Hanwha ************* ** *** "***** ** ***** ****** ** * ********/******* **** * ***** valid ***** ***** *******", ** **** ******* *** ** ** 'front ****' ****** ****. ***** ***, **** **** ** **** that ***** ** ***** *******.

Undisclosed Manufacturer #7

In reply to Robert Shih | 05/19/17 03:45pm

****** **********, **** ** ******, *** *** ** ***** ** Hik *** ***** ********. ****'* *** ** *** **** ** aren't ***** ** *** *** *****, **'** **** ************.

Eddie Perry

05/22/17 01:09pm

**** **** *** ** *** **** **** ***** **** ****** up **** *******

** *** **** ****............

Hanwha_Main page

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Most Recent Industry Reports

FLIR Restructures Security Division on Aug 22, 2017
FLIR's goal was once to have a single end-to-end security solution. However, FLIR's Security business unit has been struggling, with several areas...
Honeywell Total Connect 2.0 Tested on Aug 22, 2017
Honeywell is one of the biggest brands in security, with Total Connect 2.0 being the company's remote security and smarthome platform. We bought...
IP Camera Cabling Testing Statistics on Aug 22, 2017
Test and certify, or crimp and pray? Some integrators certify every cable they run, while others only inspect cables that have video issues. 130...
Dahua 4K IR PTZ Tested on Aug 21, 2017
4K has made its way to IR PTZs. In this report, we examine the Dahua 6AE830VNI, a 4K PTZ with 30x optical zoom, 200m (~650') integrated IR, and...
Top Used License Plate Capture Cameras on Aug 21, 2017
Capturing license plates is a common video surveillance application. But what cameras do integrators mostly commonly used? Special purpose LPC...
VLAN For Video Surveillance Usage Statistics on Aug 21, 2017
VLANs (see our tutorial) are an option for networks using video surveillance, but how often are they actually used? 125+ integrators told us how...
Avigilon CEO Attacks Asian Companies Cyber Insecurity on Aug 18, 2017
Avigilon CEO is taking aim at their Asian competitors. And he is going directly after these company's cyber security issues. In this note, we...
Sony Next Gen HD Dome Camera Tested (SNC-EM642R) on Aug 18, 2017
Sony has released their latest generation, claiming improved WDR and low light, increased IR range, and more. We tested the SNC-EM642R outdoor IR...
IP Networking Course September 2017 on Aug 17, 2017
This is the only networking course designed specifically for video surveillance professionals plus it includes live training, personal help and...
Knightscope Raises $10 Million With $3,320 Average Per Investor on Aug 17, 2017
Congrats to Knightscope. And condolences to their legion of little investors. Knightscope has disclosed they have raised $10+ million from their...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact