Hanwha Recorder Vulnerability Analyzed

Author: Brian Karas, Published on May 18, 2017

ICS-CERT has released a vulnerability notice for Hanwha SRN-4000 recorders.

Hanwha provided additional information to IPVM about this issue, including other models impacted by the same vulnerability that are not listed on the ICS-CERT release. In this report we provide details on the vulnerability, affected products, and firmware builds for these products to resolve this vulnerability.

***-**** *** ******** ************** ****** *** ****** ***-**** *********.

****** ******** ********** *********** ** **** ***** **** *****, ********* other ****** ******** ** *** **** ************* **** *** *** listed ** *** ***-**** *******. ** **** ****** ** ******* details ** *** *************, ******** ********, *** ******** ****** *** these ******** ** ******* **** *************.

[***************]

Vulnerability ********

*** **** ************ ******:

* ********* ******* **** ******* *** ******** ***** ***** ** attacker ** **** ****** ** *** ****** ********** **** **** admin ********** ******* ****** **************.

****** **** **** **** ************* ** ***** ** ***** ****** in * ********/******* **** * ***** ***** ***** ***** *******. They ***** **** ** ***** ** *********** ********** *** ** attacker *** *** *** ********** ****** ********** ****** ** *** recorder ******* * ****** ***** ** ******** **** ************* ** a ****** ********.

** ** *******, * ****** ******** ******* * **** ** Hanwha ********* ************* *** ******* **** ************* ** **** "**** ****" ****** to ***** *******.

** ****** **** ** ***** **** ** **** ***** ****** Hanwha *********, *** ****** ***** ** ******* ****.

Units ********

******'****-**** ********** ****** ** *** **** **** ********, ****** ****** *** confirmed **** *** ********* ****** *** ****** **** *** *** web ********* *** **** ********* ********:

  • ***-**** ******** ***** ** **.*********
  • ***-***** ******** ***** ** **.*********
  • ***-************ ***** ** **.*********
  • ***-************ ***** ** **.*********

******'* ************* ******, ***** **** *** ******* ** *********, *** ********** *******.

******** *** *** ******** ***** *** ** ********** **********'* ******* ******** ******.

Hanwha ***** ******** *** ****

********* ** ******, **** **** ***** ******** ***** **** ***** in *** ****. ******** ****** *** ************* *** *** ***-****/***/**** models *** ******** ** ****** ****, *** ***-**** ******** *** not ******* ** *** **** ****, *** ** ******** ******** constraints, *** *** **** ******** ** ***** ****. ** ***** credit, ****** *** *********** **** ******* *********** *** ********* *** release *********, *** *** *********** **** ***-**** ******** ******* ****** have **** ********* ** *** **** **** ** *** ***** units.

Pledge ****** ******* ** *** ******

****** **** **** *** ****** * *************-******** ******* ** ***** website, *** *** ********* ** ****** ******** *** ************ ***** for *** ****** *********.

Vulnerability ******/**********

****** **** ************* ** ***** ************ ***** ** *.* ** ***-****, *** ********* ** *** **** ** ***** ** *** be ********, *** *********** **** * **** **** ********** ************ logged **** *** ******** ****** **** **** ***** ********* ** random *********. ************, ******'* ********* *** **** ******* **** ***** cameras, *** ** ******** *** ***** ****** ** ******** ***** to ** ** *** **'* ** ********* (** **********, ****** manufacturers **** ****** **** ******** ** *******). ***** ********* ****** not **** **** ** * ****** ** ***** ********* ******** updates, *** ******** **** ** ***** ** ***** *********, *** the ******** ** ***** ** ***** **** *************** **** ***** any ****** ******** ** ****** * ******.

Call *** ***********

** *** **** ******* **** ********** *********** ** *** *************, especially ************* ******'* ***********, ****** ******* ** ***** ** (****@****.***) and ** **** *********** ****.

Comments (16)

Robert Shih

SavvyTech Security | 05/19/17 02:49am

****** *** **** **** ** * ******** **** ** ******* from ********, **** **** ********** *** *********. ****** ** **** less ********** **** *** ** ***** *** ** **** **** in *** ********* ***** ****, *** ***** ********* *** ***** doing ***** *** *** ********* ** ****. ***** ** * few **** ** *****, **** *** **** ********* ** ***** scandal ***** ***, ****** **** ******** **** ******* *** ******** from **** ** ****** *** **** ***'* ****** ** ****** else's ********.

**** *****, ******* ***** **** ******* ************* **** * *********** complex ***** **.

John Honovich

IPVM | In reply to Robert Shih | 05/18/17 07:37pm

****** ****** ********** ** ******* ** ** *** ********* *****. Of ******, **** **** *** ** ****** *********** ******.

** * **** ********* **********, ********* *** ******* ** ******** speak ** ** *** **** * ****, ** ********. **********, just ********* * ******* ** *** ******* ********* **** **** was ********** ********* *** ************* ******** **** ****** ******** ** ********* *********** **. * **** * ******* ***** **** ********* ** *** one *** ******* *** ** *** **** ** ******* ** them. ********* ******* ** *******.

Undisclosed Manufacturer #1

In reply to John Honovich | 05/18/17 09:27pm

* ***'* ******* **** *******. **** ** **** * ***** big ***** ****** ****** ** ************* *** ***********.

Undisclosed Integrator #3

In reply to John Honovich | 05/18/17 11:14pm

**** ***** **** ** * ********* ************* **** ********** ***** firmware? ** ***** **** * **** ***** ******* ***.

Thumbnail brk1

Brian Karas

IPVM | In reply to Undisclosed Integrator #3 | 05/18/17 11:40pm

**** **** ****** ********* ** **** ************* ** **** *** sound **** *** ********* ***************, ***** **** ****** ******** *** directory ********* ********.

** *** *** ******* ** *** ******, * ***** **** more ***-*****, ***********, *********** *** ****** *** ******** ***** ** the ****** ** ********-********* ******** *******, *** *** ********* *** exploit. **** ** ******* ** **** *************** ***** ********** *** reported *** **** *******.

Thumbnail marty2016

Marty Calhoun

IPVMU Certified | In reply to Brian Karas | 05/19/17 10:17am

** ******* ** **** ** *********** ** * '*************' *** the **** ********* ******** *** ********* ** * '**** ****'. What ** *** **** ******** ** *** ********** ******* *** two? **** *******, ****** ** ********** ** ******* ***** *********** with *** **********.

Thumbnail brk1

Brian Karas

IPVM | In reply to Marty Calhoun | 05/19/17 11:45am

*** ********* ******** *** **** ********* ** * *************, *** the ************* **** *** * "********".

*** ********* *** ***** *************** **** **** ********* ** ********* were **** ** ***** *** ****** ***** **** ********* ** the *************** ***** *** ** ** **** *****-***** ****** ** any ****** **** ***** ******* **.

**** ****** ************* ** *** ***** ******* **** ** *** properly ******* **** *** ** (** **** *** ******** ******), allowing * ****** *** ******* ****** ** ** ** ***** to ****** *** ****** ***** ******* ***** ******* ******** **************.

*** *********/***** ******** *** * ******** **** ** ******, *** Hanwha ******* ****** **** ******** ******* ** **** ******* *** admin ******.

Undisclosed Manufacturer #4

In reply to Undisclosed Integrator #3 | 05/19/17 04:48am

********* ******** *** ***** * ***** ****** *** **** ********* for *** ******** **. *** **** *** **** **'* *** web ******* *********. ** *** ******* / ******* ** ******* on, *** *** ** ** **** ********!

** ***** **** ** ***** *** ******* ******** ******** **** over, ** *** ********** **** -*** ****** ** ********, *** rush ********** ** ****** ** ***** **** *** ***** *** latest ******** ** ***

********* **** ****** ********* ***** ** ***** *** *** ****** and ******.

****** *********, **** ** ***, **** *********** ********, ****** **** checks, ******* ***** **** **** **** ****** ******* *** ***.

Undisclosed Integrator #2

In reply to Undisclosed Manufacturer #4 | 05/19/17 07:08am

** *** ******* / ******* ** ******* **, *** *** to ** **** ********!

**** ********* ***** ** ****** **** ** *** ******** ** based ** ****/******* ****** **** *** **** ********* **** *****?

Undisclosed Integrator #3

In reply to Undisclosed Integrator #2 | 05/19/17 06:56pm

* **** ******* ** **** ********'* ******** ** ******** ***** off ** *&* ****. *** ** *** *** ****** * was ****** ***** ******* ** ******** ******* ****** ** *** don't ******** *** *****.

"*****, *******, *** ****** ** ******" - ****** ***** **** Professor.

Undisclosed Integrator #2

In reply to Robert Shih | 05/19/17 07:00am

****** **** *****'* **** *** ********** ********* ** **** ******** accusations ** *********** ***** ** ******. * ***** **** ***** the ******** ******* ********* **** **** **********.

Undisclosed Distributor #5

In reply to Robert Shih | 05/19/17 09:30am

*'** ********* * *** ***** *** ***** *** *** ******* like **** ** **** * ****** *******, **** *** ** not. *'* **** ***** ** * *** ** **** *** choice, *** ** ***** ** **** *** ****.

Undisclosed Manufacturer #6

In reply to Undisclosed Distributor #5 | 05/19/17 10:30am

* ***** ** *** ** ** **** *** ********** *** issue **. *** * & * ****** ******** ******** ** devices. *** ****** ***** ******* ********* ** **** ** ********* of *****. * ********* ***** ** *********. *********** ****, ******* a ******* ****** ** ****** **** * ******** **** ******, vs. ****** ** ****** ******** ***** ** **********.

John Honovich

IPVM | In reply to Undisclosed Distributor #5 | 05/19/17 02:44pm

***** *** *** ******* **** **** ** **** * ****** article, **** *** ** ***

*********.

*** *******, **** *** ****** ********* ************* ***** **** *** member's ****:********* *********-********** ******** ************************* ***** ******** ************* *********. ****** ***** *********** *** **** ******'* **** ********* *** **** ******.

* ** **** *** ***** **** ** '****' ** ***-********* because *** *** * ********* ***********.

******, ** *** ** ****** *** *** ***** **** **** Hanwha ************* ** *** "***** ** ***** ****** ** * ********/******* **** * ***** valid ***** ***** *******", ** **** ******* *** ** ** 'front ****' ****** ****. ***** ***, **** **** ** **** that ***** ** ***** *******.

Undisclosed Manufacturer #7

In reply to Robert Shih | 05/19/17 03:45pm

****** **********, **** ** ******, *** *** ** ***** ** Hik *** ***** ********. ****'* *** ** *** **** ** aren't ***** ** *** *** *****, **'** **** ************.

Eddie Perry

05/22/17 01:09pm

**** **** *** ** *** **** **** ***** **** ****** up **** *******

** *** **** ****............

Hanwha_Main page

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Most Recent Industry Reports

Importance of Sales To Integrators - Statistics on Jun 23, 2017
One of the top trends in the industry over the past few years has been the rise of across-the-board sales (e.g.: Hikvision Sales, Dahua Sale,...
Deep Learning Surveillance Startups Deep Problem on Jun 23, 2017
The undeniably good news for the video surveillance market is that we are seeing the rise of more startups than in many years. The cause of this...
Avigilon Announces RADAR-Based Presence Detector on Jun 22, 2017
RADAR is gaining momentum within physical security. Two months after Axis announced a network radar detector, Avigilon has announced a RADAR-Based...
Covert Cloud Camera Service Launching (KJB) on Jun 22, 2017
Cloud IP cameras, for consumers, has become increasingly commonplace. However, covert cameras, lag there, with few options. Now, North America's...
Manufacturers Shipping Unlicensed H.265 Products on Jun 22, 2017
While H.265 support in video surveillance is growing, IPVM's research shows that most surveillance manufacturers are shipping H.265 products with...
Uniview Low-Cost Bullet PTZ Tested on Jun 21, 2017
Uniview is offering a HD zoom bullet camera, the IPC742SR9-PZ30-32G, with an integrated pan / tilt positioner, for the price of a low-cost...
QSR Video Surveillance Best Practices on Jun 21, 2017
Fast food restaurants or QSRs (quick service restaurants), are frequent victims of crime and fraud. Because they are open late, deal with cash, and...
45 Drives 'Lowest Cost' Enterprise Storage Company Profile on Jun 21, 2017
45 Drives claims the "lowest cost per Hard Drive Slot in the industry." But who or what is '45 Drives'? What started as a product design to...
No Hack, Still Liable, Court Finds ADT on Jun 20, 2017
Recently, ADT has been in the news for a $16 million settlement for a cyber security vulnerability class action suit. One of the most important...
Resolver / PPM 2000 Incident Management Platform Profile on Jun 20, 2017
You might have seen the company whose employees wear hockey jerseys at trade shows and wondered "what do they do?" PPM 2000 has been active in...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact