CVE-2024-54012 | THREATINT

Description

Penetration Testing engineers at Amazon discovered a vulnerability where the camera system failed to properly validate input, allowing specially crafted requests containing malicious commands to be executed on the device. The manufacturer has released patch firmware for the flaw; please refer to the manufacturer's report for details and workarounds.

PUBLISHED Reserved 2024-11-27 | Published 2026-04-28 | Updated 2026-04-28 | Assigner Hanwha_Vision

HIGH: 8.5CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-78 Improper neutralization of special elements used in an OS command ('OS command injection')

Product status

Default status

unaffected

Any version before 2.24.00

affected

References

www.hanwhavision.com/...bility-ReportCVE-2024-5401154013.pdf

cve.org (CVE-2024-54012)

nvd.nist.gov (CVE-2024-54012)

Download JSON