CVSS: 5.3EPSS: 0%CPEs: 118EXPL: 0CVE-2019-13523
https://notcve.org/view.php?id=CVE-2019-13523
26 Sep 2019 — In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network. Affected performance IP Cameras: HBD3PR2,H4D3PRV3,HED3PR3,H4D3PRV2,HBD3PR1,H4W8PR2,HBW8PR2,H2W2PC1M,H2W4PER3,H2W2PER3,HEW2PER3,HEW4PER3B,HBW2PER1,HEW4PER2,HEW4PER2B,HEW2PER2,H4W2PER2,HBW2PER2,H4W2PER3, and HPW2P1.... • https://www.us-cert.gov/ics/advisories/icsa-19-260-03 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-306: Missing Authentication for Critical Function •