CVE-2024-54013: CWE-306 Missing authentication for critical function in Hanwha Vision QND-8080R
CVE-2024-54013 is a high-severity vulnerability in the Hanwha Vision QND-8080R device involving missing authentication for a critical function in its web server component. Discovered by penetration testers at Amazon, the flaw could allow unintended access to protected functions under certain conditions. The manufacturer has released patch firmware addressing this issue. The vulnerability has a CVSS 4.0 score of 8.7, indicating a high impact with network attack vector and no required privileges or user interaction. No known exploits are reported in the wild at this time.
AI Analysis
Technical Summary
CVE-2024-54013 is a CWE-306 (Missing Authentication for Critical Function) vulnerability affecting the Hanwha Vision QND-8080R device. It arises from improper request handling in the device's web server, potentially allowing unauthorized access to protected functions. The vulnerability was identified by Amazon penetration testers. The CVSS 4.0 vector indicates the attack can be performed remotely over the network without privileges or user interaction, with high impact on confidentiality, integrity, and availability. The manufacturer has released patch firmware to remediate the issue, though no direct patch links or detailed remediation instructions are provided in the available data.
Potential Impact
The vulnerability allows an attacker to access critical functions on the QND-8080R device without authentication, potentially compromising confidentiality, integrity, and availability of the device. This could lead to unauthorized control or disruption of device operations. No known exploits have been reported in the wild so far.
Mitigation Recommendations
The manufacturer has released patch firmware to address this vulnerability. Users of the Hanwha Vision QND-8080R device should apply the official firmware update as soon as possible. Since no detailed vendor advisory or patch links are provided here, users should consult the manufacturer's official security advisories or support channels for the latest firmware and installation instructions. Patch status is not yet fully confirmed in this data; verify with the vendor for current remediation guidance.
CVE-2024-54013: CWE-306 Missing authentication for critical function in Hanwha Vision QND-8080R
Description
CVE-2024-54013 is a high-severity vulnerability in the Hanwha Vision QND-8080R device involving missing authentication for a critical function in its web server component. Discovered by penetration testers at Amazon, the flaw could allow unintended access to protected functions under certain conditions. The manufacturer has released patch firmware addressing this issue. The vulnerability has a CVSS 4.0 score of 8.7, indicating a high impact with network attack vector and no required privileges or user interaction. No known exploits are reported in the wild at this time.
CVSS v4.0
Score 8.7high
Affected software
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2024-54013 is a CWE-306 (Missing Authentication for Critical Function) vulnerability affecting the Hanwha Vision QND-8080R device. It arises from improper request handling in the device's web server, potentially allowing unauthorized access to protected functions. The vulnerability was identified by Amazon penetration testers. The CVSS 4.0 vector indicates the attack can be performed remotely over the network without privileges or user interaction, with high impact on confidentiality, integrity, and availability. The manufacturer has released patch firmware to remediate the issue, though no direct patch links or detailed remediation instructions are provided in the available data.
Potential Impact
The vulnerability allows an attacker to access critical functions on the QND-8080R device without authentication, potentially compromising confidentiality, integrity, and availability of the device. This could lead to unauthorized control or disruption of device operations. No known exploits have been reported in the wild so far.
Mitigation Recommendations
The manufacturer has released patch firmware to address this vulnerability. Users of the Hanwha Vision QND-8080R device should apply the official firmware update as soon as possible. Since no detailed vendor advisory or patch links are provided here, users should consult the manufacturer's official security advisories or support channels for the latest firmware and installation instructions. Patch status is not yet fully confirmed in this data; verify with the vendor for current remediation guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Hanwha_Vision
- Date Reserved
- 2024-11-27T00:56:05.852Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69f0602fcbff5d8610cfd2b8
Added to database: 4/28/2026, 7:22:23 AM
Last enriched: 5/5/2026, 7:37:54 AM
Last updated: 6/13/2026, 10:19:53 AM
Views: 47
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.