CVE-2021-39363

Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow a video replay attack after ARP cache poisoning has been achieved.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:honeywell:hdzp252di_firmware:1.00.hw02.4:*:*:*:*:*:*:*
cpe:2.3:h:honeywell:hdzp252di:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:honeywell:hbw2per1_firmware:1.000.hw01.3:*:*:*:*:*:*:*
cpe:2.3:h:honeywell:hbw2per1:-:*:*:*:*:*:*:*

History

09 Mar 2022, 15:19

Type Values Removed Values Added
References (CONFIRM) https://buildings.honeywell.com/content/dam/hbtbt/en/documents/downloads/Security_Notification_SN_2022-01-26-01_CVE-2021-39363_Command_Injection_HDZP252DI.pdf - (CONFIRM) https://buildings.honeywell.com/content/dam/hbtbt/en/documents/downloads/Security_Notification_SN_2022-01-26-01_CVE-2021-39363_Command_Injection_HDZP252DI.pdf - Vendor Advisory
References (MISC) https://buildings.honeywell.com/us/en/brands/our-brands/security/support-and-resources/product-resources/eol-and-security-notices - (MISC) https://buildings.honeywell.com/us/en/brands/our-brands/security/support-and-resources/product-resources/eol-and-security-notices - Vendor Advisory
References (MISC) https://www.honeywell.com/us/en/product-security - (MISC) https://www.honeywell.com/us/en/product-security - Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 7.5
v3 : 9.8
CPE cpe:2.3:h:honeywell:hdzp252di:-:*:*:*:*:*:*:*
cpe:2.3:o:honeywell:hbw2per1_firmware:1.000.hw01.3:*:*:*:*:*:*:*
cpe:2.3:o:honeywell:hdzp252di_firmware:1.00.hw02.4:*:*:*:*:*:*:*
cpe:2.3:h:honeywell:hbw2per1:-:*:*:*:*:*:*:*
First Time Honeywell
Honeywell hdzp252di
Honeywell hbw2per1
Honeywell hbw2per1 Firmware
Honeywell hdzp252di Firmware
CWE CWE-77

24 Feb 2022, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-02-24 22:15

Updated : 2023-12-10 14:22


NVD link : CVE-2021-39363

Mitre link : CVE-2021-39363

CVE.ORG link : CVE-2021-39363


JSON object : View

Products Affected

honeywell

  • hbw2per1
  • hdzp252di
  • hdzp252di_firmware
  • hbw2per1_firmware
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')