Vulnerabilities > Honeywell > Hbw2Per1 Firmware > 1.000.hw01.3

DATE CVE VULNERABILITY TITLE RISK
2022-02-24 CVE-2021-39363 Command Injection vulnerability in Honeywell Hbw2Per1 Firmware and Hdzp252Di Firmware
Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow a video replay attack after ARP cache poisoning has been achieved.
network
low complexity
honeywell CWE-77
critical
9.8
2022-02-24 CVE-2021-39364 Authentication Bypass by Capture-replay vulnerability in Honeywell Hbw2Per1 Firmware and Hdzp252Di Firmware
Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow command spoofing (for camera control) after ARP cache poisoning has been achieved.
network
low complexity
honeywell CWE-294
7.5