Hanwha Recorder Vulnerability Analyzed

Author: Brian Karas, Published on May 18, 2017

ICS-CERT has released a vulnerability notice for Hanwha SRN-4000 recorders.

Hanwha provided additional information to IPVM about this issue, including other models impacted by the same vulnerability that are not listed on the ICS-CERT release. In this report we provide details on the vulnerability, affected products, and firmware builds for these products to resolve this vulnerability.

***-**** *** ******** ************** ****** *** ****** ***-**** *********.

****** ******** ********** *********** ** **** ***** **** *****, ********* other ****** ******** ** *** **** ************* **** *** *** listed ** *** ***-**** *******. ** **** ****** ** ******* details ** *** *************, ******** ********, *** ******** ****** *** these ******** ** ******* **** *************.

[***************]

Vulnerability ********

*** **** ************ ******:

* ********* ******* **** ******* *** ******** ***** ***** ** attacker ** **** ****** ** *** ****** ********** **** **** admin ********** ******* ****** **************.

****** **** **** **** ************* ** ***** ** ***** ****** in * ********/******* **** * ***** ***** ***** ***** *******. They ***** **** ** ***** ** *********** ********** *** ** attacker *** *** *** ********** ****** ********** ****** ** *** recorder ******* * ****** ***** ** ******** **** ************* ** a ****** ********.

** ** *******, * ****** ******** ******* * **** ** Hanwha ********* ************* *** ******* **** ************* ** **** "**** ****" ****** to ***** *******.

** ****** **** ** ***** **** ** **** ***** ****** Hanwha *********, *** ****** ***** ** ******* ****.

Units ********

******'****-**** ********** ****** ** *** **** **** ********, ****** ****** *** confirmed **** *** ********* ****** *** ****** **** *** *** web ********* *** **** ********* ********:

  • ***-**** ******** ***** ** **.*********
  • ***-***** ******** ***** ** **.*********
  • ***-************ ***** ** **.*********
  • ***-************ ***** ** **.*********

******'* ************* ******, ***** **** *** ******* ** *********, *** ********** *******.

******** *** *** ******** ***** *** ** ********** **********'* ******* ******** ******.

Hanwha ***** ******** *** ****

********* ** ******, **** **** ***** ******** ***** **** ***** in *** ****. ******** ****** *** ************* *** *** ***-****/***/**** models *** ******** ** ****** ****, *** ***-**** ******** *** not ******* ** *** **** ****, *** ** ******** ******** constraints, *** *** **** ******** ** ***** ****. ** ***** credit, ****** *** *********** **** ******* *********** *** ********* *** release *********, *** *** *********** **** ***-**** ******** ******* ****** have **** ********* ** *** **** **** ** *** ***** units.

Pledge ****** ******* ** *** ******

****** **** **** *** ****** * *************-******** ******* ** ***** website, *** *** ********* ** ****** ******** *** ************ ***** for *** ****** *********.

Vulnerability ******/**********

****** **** ************* ** ***** ************ ***** ** *.* ** ***-****, *** ********* ** *** **** ** ***** ** *** be ********, *** *********** **** * **** **** ********** ************ logged **** *** ******** ****** **** **** ***** ********* ** random *********. ************, ******'* ********* *** **** ******* **** ***** cameras, *** ** ******** *** ***** ****** ** ******** ***** to ** ** *** **'* ** ********* (** **********, ****** manufacturers **** ****** **** ******** ** *******). ***** ********* ****** not **** **** ** * ****** ** ***** ********* ******** updates, *** ******** **** ** ***** ** ***** *********, *** the ******** ** ***** ** ***** **** *************** **** ***** any ****** ******** ** ****** * ******.

Call *** ***********

** *** **** ******* **** ********** *********** ** *** *************, especially ************* ******'* ***********, ****** ******* ** ***** ** (****@****.***) and ** **** *********** ****.

Comments (16)

Robert Shih

SavvyTech Security | 05/18/17 06:49pm

****** *** **** **** ** * ******** **** ** ******* from ********, **** **** ********** *** *********. ****** ** **** less ********** **** *** ** ***** *** ** **** **** in *** ********* ***** ****, *** ***** ********* *** ***** doing ***** *** *** ********* ** ****. ***** ** * few **** ** *****, **** *** **** ********* ** ***** scandal ***** ***, ****** **** ******** **** ******* *** ******** from **** ** ****** *** **** ***'* ****** ** ****** else's ********.

**** *****, ******* ***** **** ******* ************* **** * *********** complex ***** **.

John Honovich

IPVM | In reply to Robert Shih | 05/18/17 07:37pm

****** ****** ********** ** ******* ** ** *** ********* *****. Of ******, **** **** *** ** ****** *********** ******.

** * **** ********* **********, ********* *** ******* ** ******** speak ** ** *** **** * ****, ** ********. **********, just ********* * ******* ** *** ******* ********* **** **** was ********** ********* *** ************* ******** **** ****** ******** ** ********* *********** **. * **** * ******* ***** **** ********* ** *** one *** ******* *** ** *** **** ** ******* ** them. ********* ******* ** *******.

Undisclosed Manufacturer #1

In reply to John Honovich | 05/18/17 09:27pm

* ***'* ******* **** *******. **** ** **** * ***** big ***** ****** ****** ** ************* *** ***********.

Undisclosed Integrator #3

In reply to John Honovich | 05/18/17 11:14pm

**** ***** **** ** * ********* ************* **** ********** ***** firmware? ** ***** **** * **** ***** ******* ***.

Thumbnail brk1

Brian Karas

IPVM | In reply to Undisclosed Integrator #3 | 05/18/17 11:40pm

**** **** ****** ********* ** **** ************* ** **** *** sound **** *** ********* ***************, ***** **** ****** ******** *** directory ********* ********.

** *** *** ******* ** *** ******, * ***** **** more ***-*****, ***********, *********** *** ****** *** ******** ***** ** the ****** ** ********-********* ******** *******, *** *** ********* *** exploit. **** ** ******* ** **** *************** ***** ********** *** reported *** **** *******.

Thumbnail marty2016

Marty Calhoun

IPVMU Certified | In reply to Brian Karas | 05/19/17 10:17am

** ******* ** **** ** *********** ** * '*************' *** the **** ********* ******** *** ********* ** * '**** ****'. What ** *** **** ******** ** *** ********** ******* *** two? **** *******, ****** ** ********** ** ******* ***** *********** with *** **********.

Thumbnail brk1

Brian Karas

IPVM | In reply to Marty Calhoun | 05/19/17 11:45am

*** ********* ******** *** **** ********* ** * *************, *** the ************* **** *** * "********".

*** ********* *** ***** *************** **** **** ********* ** ********* were **** ** ***** *** ****** ***** **** ********* ** the *************** ***** *** ** ** **** *****-***** ****** ** any ****** **** ***** ******* **.

**** ****** ************* ** *** ***** ******* **** ** *** properly ******* **** *** ** (** **** *** ******** ******), allowing * ****** *** ******* ****** ** ** ** ***** to ****** *** ****** ***** ******* ***** ******* ******** **************.

*** *********/***** ******** *** * ******** **** ** ******, *** Hanwha ******* ****** **** ******** ******* ** **** ******* *** admin ******.

Undisclosed Manufacturer #4

In reply to Undisclosed Integrator #3 | 05/19/17 04:48am

********* ******** *** ***** * ***** ****** *** **** ********* for *** ******** **. *** **** *** **** **'* *** web ******* *********. ** *** ******* / ******* ** ******* on, *** *** ** ** **** ********!

** ***** **** ** ***** *** ******* ******** ******** **** over, ** *** ********** **** -*** ****** ** ********, *** rush ********** ** ****** ** ***** **** *** ***** *** latest ******** ** ***

********* **** ****** ********* ***** ** ***** *** *** ****** and ******.

****** *********, **** ** ***, **** *********** ********, ****** **** checks, ******* ***** **** **** **** ****** ******* *** ***.

Undisclosed #2

In reply to Undisclosed Manufacturer #4 | 05/19/17 07:08am

** *** ******* / ******* ** ******* **, *** *** to ** **** ********!

**** ********* ***** ** ****** **** ** *** ******** ** based ** ****/******* ****** **** *** **** ********* **** *****?

Undisclosed Integrator #3

In reply to Undisclosed Integrator #2 | 05/19/17 06:56pm

* **** ******* ** **** ********'* ******** ** ******** ***** off ** *&* ****. *** ** *** *** ****** * was ****** ***** ******* ** ******** ******* ****** ** *** don't ******** *** *****.

"*****, *******, *** ****** ** ******" - ****** ***** **** Professor.

Undisclosed #2

In reply to Robert Shih | 05/18/17 11:00pm

****** **** *****'* **** *** ********** ********* ** **** ******** accusations ** *********** ***** ** ******. * ***** **** ***** the ******** ******* ********* **** **** **********.

Undisclosed Distributor #5

In reply to Robert Shih | 05/19/17 09:30am

*'** ********* * *** ***** *** ***** *** *** ******* like **** ** **** * ****** *******, **** *** ** not. *'* **** ***** ** * *** ** **** *** choice, *** ** ***** ** **** *** ****.

Undisclosed Manufacturer #6

In reply to Undisclosed Distributor #5 | 05/19/17 02:30pm

* ***** ** *** ** ** **** *** ********** *** issue **. *** * & * ****** ******** ******** ** devices. *** ****** ***** ******* ********* ** **** ** ********* of *****. * ********* ***** ** *********. *********** ****, ******* a ******* ****** ** ****** **** * ******** **** ******, vs. ****** ** ****** ******** ***** ** **********.

John Honovich

IPVM | In reply to Undisclosed Distributor #5 | 05/19/17 02:44pm

***** *** *** ******* **** **** ** **** * ****** article, **** *** ** ***

*********.

*** *******, **** *** ****** ********* ************* ***** **** *** member's ****:********* *********-********** ******** ************************* ***** ******** ************* *********. ****** ***** *********** *** **** ******'* **** ********* *** **** ******.

* ** **** *** ***** **** ** '****' ** ***-********* because *** *** * ********* ***********.

******, ** *** ** ****** *** *** ***** **** **** Hanwha ************* ** *** "***** ** ***** ****** ** * ********/******* **** * ***** valid ***** ***** *******", ** **** ******* *** ** ** 'front ****' ****** ****. ***** ***, **** **** ** **** that ***** ** ***** *******.

Undisclosed Manufacturer #7

In reply to Robert Shih | 05/19/17 03:45pm

****** **********, **** ** ******, *** *** ** ***** ** Hik *** ***** ********. ****'* *** ** *** **** ** aren't ***** ** *** *** *****, **'** **** ************.

Eddie Perry

05/22/17 01:09pm

**** **** *** ** *** **** **** ***** **** ****** up **** *******

** *** **** ****............

Hanwha_Main page

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Most Recent Industry Reports

Directory of Video Surveillance Startups on Jul 18, 2018
This directory provides a list of video surveillance startups to help you see and research what companies are new or not yet broadly known entity...
Ladder Lockdown and Ladder Levelizer Tested on Jul 18, 2018
Ladders are a daily necessity for surveillance and security installers, but working on an unstable surface can be extremely dangerous. In addition...
FST Fails on Jul 17, 2018
FST was one of the hottest startups of the decade, selected as the best new product at ISC West 2011 and backed with tens of millions in...
Axis ~$100 Camera Tested on Jul 17, 2018
Axis has released their lowest cost camera ever, the Companion Eye Mini L, setting their sights on a market dominated by Hikvision and Dahua. Can...
Amazon Ring Alarm System Tested on Jul 16, 2018
Amazon Ring is going to hurt traditional dealers, and especially ADT, new IPVM test results of Ring's Alarm system underscore. IPVM found that...
Hikvision Wins Chinese Government Forced Facial Recognition Project Across 967 Mosques on Jul 16, 2018
Hikvision has won a Chinese government tender which requires that facial recognition cameras be set up at the entrance of every single mosque...
Installing Dome Cameras Indoors Guide on Jul 16, 2018
IPVM is producing the definitive series on installing surveillance cameras. This entry covers one of the most common scenarios - installing dome...
Security Sales Course Summer 2018 on Jul 13, 2018
Based on member's interest, IPVM is offering a security sales course this summer. Register Now - IPVM Security Sales Course Summer 2018 This...
US Tariffs Hit China Video Surveillance on Jul 13, 2018
Chinese video surveillance products avoided tariffs for the first two rounds. Now, in the third round, many video surveillance products will be...
Last Chance - July 2018 IP Networking Course on Jul 12, 2018
Registration ends today, Thursday. Register now. This is the only networking course designed specifically for video surveillance...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact