Security Vulnerability Disclosure Policy

  • 1. (Security Vulnerability Response Center
    (S-CERT)
    • Hanwha Vision’s S-CERT*1 department is a team dedicated to address all possible security vulnerabilities of Hanwha Vision’s WISENET products and to respond promptly (analyze and prepare countermeasure) in the event of a security vulnerability. If your product is experiencing symptoms of security vulnerability, please contact S-CERT (secure.cctv@hanwha.com) with detailed product information, and instructions on how to reproduce the symptoms.
      ※ S-CERT does not respond to requests related to homepage(https://www.hanwhavision.com/) vulnerability, product support and features. Please contact your Hanwha Sales Representative for general product inquiries.
    2. Security Vulnerability Response Process
    • Upon receipt of a security vulnerability report, a Security Breach Accident Countermeasures Council is convened immediately. Reporters of security vulnerabilities can receive an initial response within 2 business days, and can receive a response regarding the manufacturer's future action and distribution plan related to the vulnerability within 10 business days. Firmware with improved vulnerabilities and vulnerability details will not be disclosed until 90 days from receipt or until a date mutually agreed upon with the informant. For transparent and efficient management of security vulnerabilities, starting in September 2023, Hanwha Vision is participating in the CVE program as a CNA that can directly register and manage CVE vulnerabilities, and is operating a bug bounty program for internal customers.
    3. Security Vulnerability Notice Policy
    • The vulnerability patched firmware is uploaded to the website*2 together with the Vulnerability Report. The details of the vulnerability (vulnerability content, affected product information / firmware version, risk, countermeasures, etc.) are not disclosed until the patched firmware is released on the website for zero-day attack prevention. Details such as attack scenarios for vulnerabilities are not disclosed to prevent imitating attacks. If multiple products are affected by the vulnerability, corresponding firmware patches will be released concurrently.
    • * 1. S-CERT: Security-Computer Emergency Response Team
    • * 2. HQ - Cyber Security page of the website (Technical Guide > Cyber Security)
      Hanwha Vision America - Main page (with Vulnerability Report)
      Hanwha Vision Europe Ltd - Main page and dedicated web page
    RSS Feed
  • Cybersecurity Enhancement Activities
    • Long-term Firmware Support Policy for Cybersecurity

      • 보기
        View
      • Download
    • Cybersecurity Enhancement Activities

      • 보기
        View
      • Download
    Read more
  • Cybersecurity Guides
    • Wisenet7 Next level Cybersecurity

      • 보기
        View
      • Download
    • Mutual Authentication Guide for Devices

      • 보기
        View
      • Download
    • Network Hardening Guide_Camera

      • 보기
        View
      • Download
    • Hanwha Techwin Private Root CA Pre-Installation Guide

      • 보기
        View
      • Download
    • Network Hardening Guide_NVR

      • 보기
        View
      • Download
    • Guidelines for secure use of SNMP

      • 보기
        View
      • Download
    • Guidelines for secure use of ONVIF WS-Discovery

      • 보기
        View
      • Download
    • Cybersecurity – Securing Video Surveillance Devices

      • 보기
        View
      • Download
    Read more
  • Vulnerability Report
    • SSM, MGM Ransomware Notice via Apache ActiveMQ Vulnerability (CVE-2023-46604)

      • 보기
        View
      • Download
    • Camera Vulnerability Report (CVE-2023-5747)

      • 보기
        View
      • Download
    • Camera Vulnerability Report (CVE-2023-31994/CVE-2023-31995/CVE-2023-31996)

      • 보기
        View
      • Download
    • Log4j Vulnerability Report (CVE-2021-44228)

      • 보기
        View
      • Download
    • NVR Vulnerability Report (CVE-2021-32934/ CVE-2021-28372)

      • 보기
        View
      • Download
    • NVR Vulnerability Report (CVE-2019-12223)

      • 보기
        View
      • Download
    • DVR Vulnerability Report (CVE-2018-11689)

      • 보기
        View
      • Download
    • SmartCam Vulnerability Report (CVE-2018-6294 ~ 6303)

      • 보기
        View
      • Download
    • KRACK(Key Reinstallation Attack) Analysis Report

      • 보기
        View
      • Download
    • gSOAP Vulnerability Report

      • 보기
        View
      • Download
    • NVR Vulnerability Report (CVE-2017-7912)

      • 보기
        View
      • Download
    Read more
  • Pen Test Report
    • Penetration Test Report (Wisenet AI Network Video Recorders 25Models)

      • 보기
        View
      • Download
    • Penetration Test Report (Wisenet SSM 2.10.6)

      • 보기
        View
      • Download
    • Penetration Test Report (Wisenet X, P, Q, L Series Cameras)

      • 보기
        View
      • Download
    Read more