{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-54011", "assignerOrgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882", "state": "PUBLISHED", "assignerShortName": "Hanwha_Vision", "dateReserved": "2024-11-27T00:56:05.852Z", "datePublished": "2026-04-28T06:51:33.550Z", "dateUpdated": "2026-04-28T12:28:46.913Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882", "shortName": "Hanwha_Vision", "dateUpdated": "2026-04-28T06:51:33.550Z"}, "title": "Missing Error/Exception Handling", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-20", "description": "CWE-20 Improper input validation", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-212", "descriptions": [{"lang": "en", "value": "CAPEC-212 Functionality Misuse"}]}], "affected": [{"vendor": "Hanwha Vision", "product": "QND-8080R", "versions": [{"status": "affected", "version": "0", "lessThan": "2.24.00", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Penetration Testing engineers at Amazon have discovered a flaw where the camera system fails to properly handle data supplied in certain requests,\u00a0causing a service disruption. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Penetration Testing engineers at Amazon have discovered a flaw where the camera system fails to properly handle data supplied in certain requests,&nbsp;causing a service disruption. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.</p>"}]}], "references": [{"url": "https://www.hanwhavision.com/wp-content/uploads/2026/04/Camera-Vulnerability-ReportCVE-2024-5401154013.pdf"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-28T12:28:25.327161Z", "id": "CVE-2024-54011", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T12:28:46.913Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-54011", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-28T12:28:25.327161Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T12:28:42.752Z"}}], "cna": {"title": "Missing Error/Exception Handling", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-212", "descriptions": [{"lang": "en", "value": "CAPEC-212 Functionality Misuse"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Hanwha Vision", "product": "QND-8080R", "versions": [{"status": "affected", "version": "0", "lessThan": "2.24.00", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.hanwhavision.com/wp-content/uploads/2026/04/Camera-Vulnerability-ReportCVE-2024-5401154013.pdf"}], "x_generator": {"engine": "Vulnogram 1.0.2"}, "descriptions": [{"lang": "en", "value": "Penetration Testing engineers at Amazon have discovered a flaw where the camera system fails to properly handle data supplied in certain requests,\u00a0causing a service disruption. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.", "supportingMedia": [{"type": "text/html", "value": "<p>Penetration Testing engineers at Amazon have discovered a flaw where the camera system fails to properly handle data supplied in certain requests,&nbsp;causing a service disruption. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper input validation"}]}], "providerMetadata": {"orgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882", "shortName": "Hanwha_Vision", "dateUpdated": "2026-04-28T06:51:33.550Z"}}}, "cveMetadata": {"cveId": "CVE-2024-54011", "state": "PUBLISHED", "dateUpdated": "2026-04-28T12:28:46.913Z", "dateReserved": "2024-11-27T00:56:05.852Z", "assignerOrgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882", "datePublished": "2026-04-28T06:51:33.550Z", "assignerShortName": "Hanwha_Vision"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Penetration Testing engineers at Amazon have discovered a flaw where the camera system fails to properly handle data supplied in certain requests,\u00a0causing a service disruption. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds."}], "id": "CVE-2024-54011", "lastModified": "2026-04-28T08:15:59.917", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "fc9afe74-3f80-4fb7-a313-e6f036a89882", "type": "Secondary"}]}, "published": "2026-04-28T08:15:59.917", "references": [{"source": "fc9afe74-3f80-4fb7-a313-e6f036a89882", "url": "https://www.hanwhavision.com/wp-content/uploads/2026/04/Camera-Vulnerability-ReportCVE-2024-5401154013.pdf"}], "sourceIdentifier": "fc9afe74-3f80-4fb7-a313-e6f036a89882", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "fc9afe74-3f80-4fb7-a313-e6f036a89882", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,2.24.00)"}}], "enrichment": {"confidence": 98.0, "confidence_source": "matching", "scores": [{"score": 98.0, "source": "matching"}]}, "original": {"product": "QND-8080R", "source": "cna", "vendor": "Hanwha Vision"}, "product": "qnd-8080r", "vendor": "hanwhavision"}], "analysis": {"en": {"generated_at": "2026-04-28T12:23:01.728603+00:00", "value": {"mitigation_remediation": ["Update the camera firmware to the latest version released by Hanwha Vision as described in the manufacturer\u2019s security report.", "Implement any interim mitigations recommended by the manufacturer, such as limiting the camera\u2019s exposure to untrusted networks.", "Segment the camera network and apply strict access controls to reduce the risk of service disruption."], "summary": {"action": "Patch Firmware", "impact": "Service Disruption"}, "threat_synthesis": {"affected_systems": "The affected product is the Hanwha Vision QND-8080R camera model, as specified by the CNA. No additional vendor or version details are listed beyond the model identifier.", "description_and_impact": "The flaw in the Hanwha Vision QND-8080R camera system arises from missing error and exception handling when processing certain incoming requests, causing the service to crash or become unresponsive. This results in a denial\u2011of\u2011service condition that can prevent the camera from delivering video or telemetry, leading to loss of availability. The weakness is an input validation issue (CWE\u201120). No information about confidentiality or integrity impact is provided.", "risk_and_exploitability": "The CVSS score of 5.3 indicates a moderate level of severity. EPSS data is not reported, and the vulnerability is not in the CISA KEV catalog. The likely attack vector is remote delivery of malformed requests over the network to the camera service, as the description indicates failures during request processing. The flaw does not mention the need for authenticated access; therefore, it is inferred that unauthenticated users could potentially trigger the disruption. Remediation includes applying the vendor\u2019s firmware patch."}}}}, "created": "2026-04-28T08:30:13.033201+00:00", "updated": "2026-04-28T12:30:31.060965+00:00", "vendors": ["hanwhavision", "hanwhavision$PRODUCT$qnd-8080r"]}