CVE-2024-41887 is a medium-severity vulnerability classified under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, commonly known as Path Traversal) affecting the Hanwha Vision XRN-420S Network Video Recorder (NVR) devices running firmware version 5.01.62 and earlier. The flaw was discovered by Team ENVY and allows an unauthenticated remote attacker to exploit the path traversal weakness to create or manipulate log files outside the intended directory scope. Specifically, the attacker can create an NVR log file in a directory one level higher than the designated log directory. This capability can be leveraged to corrupt or overwrite files in that directory, potentially leading to remote code execution (RCE) on the device. The vulnerability does not require user interaction or authentication but does require high privileges (PR:H) according to the CVSS vector, which suggests some form of elevated access or prior compromise may be necessary to exploit fully. The CVSS 4.0 base score is 5.1, reflecting a medium severity level with network attack vector, low integrity impact, and no impact on confidentiality or availability. The manufacturer has released patched firmware to address this issue, though no known exploits are currently observed in the wild. This vulnerability poses a risk to the integrity of the NVR system and could allow attackers to execute arbitrary code remotely, potentially compromising surveillance infrastructure and the security monitoring capabilities of affected organizations.

For European organizations, the impact of this vulnerability can be significant, especially for entities relying on Hanwha Vision XRN-420S NVRs for critical security surveillance such as government agencies, transportation hubs, critical infrastructure, and large enterprises. Successful exploitation could allow attackers to corrupt log files, hide malicious activity, or execute arbitrary code, leading to loss of integrity and control over surveillance systems. This could result in unauthorized access to video feeds, disruption of security monitoring, or use of compromised devices as footholds for lateral movement within networks. Given the importance of video surveillance in physical security and compliance with regulations like GDPR, any compromise could also lead to regulatory scrutiny and reputational damage. The medium CVSS score suggests moderate risk, but the potential for remote code execution elevates the threat in environments where these devices are widely deployed and not promptly patched.

European organizations using Hanwha Vision XRN-420S devices should immediately verify their firmware versions and upgrade to the latest patched firmware provided by the manufacturer. Network segmentation should be enforced to isolate NVR devices from general IT networks, limiting exposure to potential attackers. Access controls must be reviewed to ensure that only authorized personnel have administrative privileges on these devices, reducing the risk posed by the PR:H requirement in the CVSS vector. Monitoring and alerting on unusual file creation or modification activities in directories adjacent to log storage can help detect exploitation attempts. Additionally, organizations should implement strict network perimeter defenses such as firewalls and intrusion detection/prevention systems (IDS/IPS) to restrict external access to NVR management interfaces. Regular vulnerability scanning and penetration testing focused on physical security infrastructure are recommended to identify and remediate similar issues proactively.