IM
IronMonkey Threat Research

CVE-2019-18230 HIGH

Published: 2019-10-31 | Last Modified: 2024-11-21 | Status: Modified

Description

Honeywell equIP and Performance series IP cameras, multiple versions, A vulnerability exists where the affected product allows unauthenticated access to audio streaming over HTTP.

Additional Descriptions (1)

En las cámaras IP Honeywell equIP and Performance series, múltiples versiones, una vulnerabilidad se presenta donde el producto afectado permite el acceso no autenticado a la transmisión de audio mediante HTTP.

CVSS Metrics

Base Score: 7.5 (HIGH)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack VectorNETWORK
Attack ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactHIGH
Integrity ImpactNONE
Availability ImpactNONE

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 3.6

Base Score: 5.0 (MEDIUM)

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access VectorNETWORK
Access ComplexityLOW
AuthenticationNONE
Confidentiality ImpactPARTIAL
Integrity ImpactNONE
Availability ImpactNONE

Source: [email protected]

Type: Primary

Exploitability Score: 10.0

Impact Score: 2.9

Weaknesses

Source Type Description
[email protected] Secondary
en CWE-306
[email protected] Primary
en CWE-306

Affected Products

Vendor Product Version Update Type
honeywell h4d8pr1_firmware * <built-in method update of dict object at 0x7c3bf3e4e540> Operating System
honeywell hfd5pr1_firmware * <built-in method update of dict object at 0x7c3c29bdda00> Operating System
honeywell hpw2p1_firmware * <built-in method update of dict object at 0x7c3c2be85040> Operating System
honeywell hdzp304di_firmware * <built-in method update of dict object at 0x7c3c327e0240> Operating System
honeywell hdzp252di_firmware * <built-in method update of dict object at 0x7c3c29bdf000> Operating System
honeywell hdz302din-s1_firmware * <built-in method update of dict object at 0x7c3c29bdf080> Operating System
honeywell hdz302lik_firmware * <built-in method update of dict object at 0x7c3c477eb140> Operating System
honeywell hdz302liw_firmware * <built-in method update of dict object at 0x7c3c2a9b5180> Operating System
honeywell hfd6gr1_firmware * <built-in method update of dict object at 0x7c3c32d52940> Operating System
honeywell hfd8gr1_firmware * <built-in method update of dict object at 0x7c3c29bdccc0> Operating System
honeywell hm4l8gr1_firmware * <built-in method update of dict object at 0x7c3c327e3bc0> Operating System
honeywell hmbl8gr1_firmware * <built-in method update of dict object at 0x7c3c477e7fc0> Operating System
honeywell h2w2gr1_firmware * <built-in method update of dict object at 0x7c3c48154940> Operating System
honeywell h3w2gr1_firmware * <built-in method update of dict object at 0x7c3c2a9b4b80> Operating System
honeywell h3w2gr1v_firmware * <built-in method update of dict object at 0x7c3c2a9b4d40> Operating System
honeywell h3w2gr2_firmware * <built-in method update of dict object at 0x7c3c2a9b6ec0> Operating System
honeywell h3w4gr1_firmware * <built-in method update of dict object at 0x7c3c2a9b7d80> Operating System
honeywell h3w4gr1v_firmware * <built-in method update of dict object at 0x7c3c327f9880> Operating System
honeywell h4d8gr1_firmware * <built-in method update of dict object at 0x7c3c2a9b4880> Operating System
honeywell h4l2gr1_firmware * <built-in method update of dict object at 0x7c3c2a9b5e80> Operating System
honeywell h4l2gr1v_firmware * <built-in method update of dict object at 0x7c3c2a9b6800> Operating System
honeywell h4l6gr2_firmware * <built-in method update of dict object at 0x7c3c2a9b4640> Operating System
honeywell h4lggr2_firmware * <built-in method update of dict object at 0x7c3c3372ecc0> Operating System
honeywell h4w2gr1_firmware * <built-in method update of dict object at 0x7c3c2a9b4780> Operating System
honeywell h4w2gr1v_firmware * <built-in method update of dict object at 0x7c3bf1847240> Operating System
honeywell h4w2gr2_firmware * <built-in method update of dict object at 0x7c3c2a9b6600> Operating System
honeywell h4w4gr1_firmware * <built-in method update of dict object at 0x7c3c2a9b4440> Operating System
honeywell h4w4gr1v_firmware * <built-in method update of dict object at 0x7c3c2a9b4b40> Operating System
honeywell hbd8gr1_firmware * <built-in method update of dict object at 0x7c3c28b16380> Operating System
honeywell hbl2gr1_firmware * <built-in method update of dict object at 0x7c3bf1845740> Operating System
honeywell hbl2gr1v_firmware * <built-in method update of dict object at 0x7c3bf1844080> Operating System
honeywell hbl6gr2_firmware * <built-in method update of dict object at 0x7c3c33db6680> Operating System
honeywell hbl6gr2_firmware * <built-in method update of dict object at 0x7c3bf1845480> Operating System
honeywell hbw2gr1_firmware * <built-in method update of dict object at 0x7c3c3372f100> Operating System
honeywell hbw2gr1v_firmware * <built-in method update of dict object at 0x7c3c32bc8d00> Operating System
honeywell hbw2gr3_firmware * <built-in method update of dict object at 0x7c3c3372fa00> Operating System
honeywell hbw2gr3v_firmware * <built-in method update of dict object at 0x7c3c3372d900> Operating System
honeywell hbw4gr1_firmware * <built-in method update of dict object at 0x7c3c3372d100> Operating System
honeywell hbw4gr1v_firmware * <built-in method update of dict object at 0x7c3c40d4fc00> Operating System
honeywell hcd8g_firmware * <built-in method update of dict object at 0x7c3c48141f40> Operating System
honeywell hcl2g_firmware * <built-in method update of dict object at 0x7c3c40d6c200> Operating System
honeywell hcl2gv_firmware * <built-in method update of dict object at 0x7c3c40d6ecc0> Operating System
honeywell hcw2g_firmware * <built-in method update of dict object at 0x7c3c40d6e200> Operating System
honeywell hcw2gv_firmware * <built-in method update of dict object at 0x7c3c40d6da00> Operating System
honeywell hcw4g_firmware * <built-in method update of dict object at 0x7c3c40d6e780> Operating System
honeywell hdz302d_firmware * <built-in method update of dict object at 0x7c3c32751840> Operating System
honeywell hdz302de_firmware * <built-in method update of dict object at 0x7c3c32750800> Operating System
honeywell hdz302din_firmware * <built-in method update of dict object at 0x7c3be005b780> Operating System
honeywell hdz302din-c1_firmware * <built-in method update of dict object at 0x7c3be0058840> Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:h4d8pr1_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:h4d8pr1:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:hfd5pr1_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:hfd5pr1:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:hpw2p1_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:hpw2p1:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:hdzp304di_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:hdzp304di:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:hdzp252di_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:hdzp252di:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:hdz302din-s1_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:hdz302din-s1:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:hdz302lik_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:hdz302lik:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:hdz302liw_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:hdz302liw:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:hfd6gr1_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:hfd6gr1:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:hfd8gr1_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:hfd8gr1:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:hm4l8gr1_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:hm4l8gr1:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:hmbl8gr1_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:hmbl8gr1:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:h2w2gr1_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:h2w2gr1:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:h3w2gr1_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:h3w2gr1:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:h3w2gr1v_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:h3w2gr1v:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:h3w2gr2_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:h3w2gr2:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:h3w4gr1_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:h3w4gr1:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:h3w4gr1v_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:h3w4gr1v:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:h4d8gr1_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:h4d8gr1:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:h4l2gr1_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:h4l2gr1:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:h4l2gr1v_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:h4l2gr1v:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:h4l6gr2_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:h4l6gr2:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:h4lggr2_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:h4lggr2:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:h4w2gr1_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:h4w2gr1:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:h4w2gr1v_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:h4w2gr1v:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:h4w2gr2_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:h4w2gr2:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:h4w4gr1_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:h4w4gr1:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:h4w4gr1v_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:h4w4gr1v:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:hbd8gr1_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:hbd8gr1:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:hbl2gr1_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:hbl2gr1:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:hbl2gr1v_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:hbl2gr1v:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:hbl6gr2_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:hbl6gr2:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:hbl6gr2_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:hbl6gr2:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:hbw2gr1_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:hbw2gr1:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:hbw2gr1v_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:hbw2gr1v:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:hbw2gr3_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:hbw2gr3:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:hbw2gr3v_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:hbw2gr3v:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:hbw4gr1_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:hbw4gr1:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:hbw4gr1v_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:hbw4gr1v:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:hcd8g_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:hcd8g:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:hcl2g_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:hcl2g:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:hcl2gv_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:hcl2gv:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:hcw2g_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:hcw2g:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:hcw2gv_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:hcw2gv:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:hcw4g_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:hcw4g:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:hdz302d_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:hdz302d:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:hdz302de_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:hdz302de:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:hdz302din_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:hdz302din:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:hdz302din-c1_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:hdz302din-c1:-:*:*:*:*:*:*:*

References

Notification
Message here