Skip to main content

SpringShell Spring Core RCE-0 Day Vulnerability in JDK 9+

  • Updated

Applies to Models: All Hanwha Camera, Recorder, WAVE, Wisenet SKY, OSSA camera and SSM

Summary:

All Hanwha Camera, Recorder, WAVE, Wisenet SKY, OSSA camera and SSM have no vulnerability found on SpringShell Framework

Case :

  • CVE-2022-22965(Spring4Shell)
  • CVE-2022-22963

Case Review:

1. Hanwha Camera and Recorder 

  • Since no Hanwha camera and Recorder use Java Framework, there will be no vulnerability on this case

2. WAVE

  • All Wisenet WAVE services including WAVE Sync, do not use Java Framework thus there is no vulnerability on this case

3. Wisenet SKY

  • Eagle Eye Networks checked with Ops and our scans report CLEAN. No vulnerability found.
    Wisenet SKY is not affected by Spring4Shell vulnerability.

4. OSSA Camera

  • Azuna OS doesnt use Spring Framework thus it doesnt have any vulnerability on the case
  • there was found related Spring library(passay) refereced code but this could work only if there should be Spring framework  

Related articles