{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-54013", "assignerOrgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882", "state": "PUBLISHED", "assignerShortName": "Hanwha_Vision", "dateReserved": "2024-11-27T00:56:05.852Z", "datePublished": "2026-04-28T07:06:17.252Z", "dateUpdated": "2026-04-28T12:34:26.408Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882", "shortName": "Hanwha_Vision", "dateUpdated": "2026-04-28T07:06:17.252Z"}, "title": "Authentication Bypass", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-306", "description": "CWE-306 Missing authentication for critical function", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "affected": [{"vendor": "Hanwha Vision", "product": "QND-8080R", "versions": [{"status": "affected", "version": "0", "lessThan": "2.24.00", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Penetration Testing engineers at Amazon have identified a security flaw related to request handling in the web server component that could, under certain conditions, lead to unintended access to protected functions. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Penetration Testing engineers at Amazon have identified a security flaw related to request handling in the web server component that could, under certain conditions, lead to unintended access to protected functions. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds</p>"}]}], "references": [{"url": "https://www.hanwhavision.com/wp-content/uploads/2026/04/Camera-Vulnerability-ReportCVE-2024-5401154013.pdf"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "ADJACENT", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-28T12:34:15.429838Z", "id": "CVE-2024-54013", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T12:34:26.408Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-54013", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-28T12:34:15.429838Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T12:34:20.190Z"}}], "cna": {"title": "Authentication Bypass", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Hanwha Vision", "product": "QND-8080R", "versions": [{"status": "affected", "version": "0", "lessThan": "2.24.00", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.hanwhavision.com/wp-content/uploads/2026/04/Camera-Vulnerability-ReportCVE-2024-5401154013.pdf"}], "x_generator": {"engine": "Vulnogram 1.0.2"}, "descriptions": [{"lang": "en", "value": "Penetration Testing engineers at Amazon have identified a security flaw related to request handling in the web server component that could, under certain conditions, lead to unintended access to protected functions. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds", "supportingMedia": [{"type": "text/html", "value": "<p>Penetration Testing engineers at Amazon have identified a security flaw related to request handling in the web server component that could, under certain conditions, lead to unintended access to protected functions. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306 Missing authentication for critical function"}]}], "providerMetadata": {"orgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882", "shortName": "Hanwha_Vision", "dateUpdated": "2026-04-28T07:06:17.252Z"}}}, "cveMetadata": {"cveId": "CVE-2024-54013", "state": "PUBLISHED", "dateUpdated": "2026-04-28T12:34:26.408Z", "dateReserved": "2024-11-27T00:56:05.852Z", "assignerOrgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882", "datePublished": "2026-04-28T07:06:17.252Z", "assignerShortName": "Hanwha_Vision"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Penetration Testing engineers at Amazon have identified a security flaw related to request handling in the web server component that could, under certain conditions, lead to unintended access to protected functions. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds"}], "id": "CVE-2024-54013", "lastModified": "2026-04-28T20:11:56.713", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "fc9afe74-3f80-4fb7-a313-e6f036a89882", "type": "Secondary"}]}, "published": "2026-04-28T08:16:01.147", "references": [{"source": "fc9afe74-3f80-4fb7-a313-e6f036a89882", "url": "https://www.hanwhavision.com/wp-content/uploads/2026/04/Camera-Vulnerability-ReportCVE-2024-5401154013.pdf"}], "sourceIdentifier": "fc9afe74-3f80-4fb7-a313-e6f036a89882", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "fc9afe74-3f80-4fb7-a313-e6f036a89882", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,2.24.00)"}}], "enrichment": {"confidence": 98.0, "confidence_source": "matching", "scores": [{"score": 98.0, "source": "matching"}]}, "original": {"product": "QND-8080R", "source": "cna", "vendor": "Hanwha Vision"}, "product": "qnd-8080r", "vendor": "hanwhavision"}], "analysis": {"en": {"generated_at": "2026-04-28T19:27:35.586572+00:00", "value": {"mitigation_remediation": ["Download and install the latest firmware patch from Hanwha Vision for the QND-8080R camera.", "Limit remote access to the camera\u2019s web interface by configuring firewall rules or network segmentation to allow only trusted administrators.", "Disable the web interface on the camera if it is not required for operation and ensure that the device is not exposed to the public internet."], "summary": {"action": "Apply Patch", "impact": "Unauthorized Access through Authentication Bypass"}, "threat_synthesis": {"affected_systems": "Hanwha Vision\u2019s QND\u20118080R network cameras are affected. The vulnerability exists in the web server firmware that is shipped with these devices, and any device running the unpatched firmware is at risk. The vendor has released a firmware update to address the issue; specific firmware version numbers are not listed in the CVE data.", "description_and_impact": "Penetration testers have uncovered a flaw in the request handling of the QND-8080R camera\u2019s web server component that can allow an attacker to bypass normal authentication checks and call protected functions. The vulnerability is a classic example of an authentication bypass (CWE\u2011306), which could let an unauthenticated user control camera settings or access sensitive data without authorization.", "risk_and_exploitability": "The CVSS score of 8.7 classifies this as a high\u2011severity flaw, and the lack of an EPSS score means the current exploitation likelihood is unspecified. The vulnerability is not listed in the CISA KEV catalog, but it can be exploited remotely by any host that can reach the camera\u2019s HTTP/HTTPS interface. The likely attack vector is remote exploitation via the camera\u2019s web interface, as the flaw resides in the web server component."}}}}, "created": "2026-04-28T09:00:06.158008+00:00", "updated": "2026-04-28T19:30:27.388621+00:00", "vendors": ["hanwhavision", "hanwhavision$PRODUCT$qnd-8080r"]}