Hard-coded Cryptographic Key in Hanwha Wisenet Device Manager (CVE-2025-52601)
Summary
Hanwha's Wisenet Device Manager ships a hard-coded encryption key, so an attacker who can read the stored configuration is able to decrypt the shared default credentials used to manage the camera fleet. Recovering those credentials hands over administrative access to large numbers of devices at once, turning a local file-read into estate-wide control. The flaw was disclosed by Nozomi Networks Labs alongside four other Wisenet findings and patched in coordination with Hanwha's PSIRT.
Affected products
Impact
An attacker can decrypt the default management credentials and gain unauthorized administrative access across a Wisenet deployment, including configuration tampering, stream interception, and disabling of cameras. The CVSS score is 7.8 (High) under v3.1 and 6.3 (Medium) under the newer v4.0 metric; the high confidentiality and integrity impact is what drives the rating.
Remediation
Update Wisenet Device Manager to v2.9.3.1 or later and apply the model-specific patched camera firmware (release ranges 2.10.03 through 2.24.00 depending on model; see Hanwha's December 2025 vulnerability report). Rotate any credentials that may have been managed through an affected WDM instance, and restrict WDM host access to trusted administrators only. Uniqcli Security can pull a model-by-model firmware inventory of your Wisenet estate, push the staged updates, and rotate credentials so a single recovered key no longer unlocks the fleet.
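As an added example (not code from Hanwha, Nozomi Networks Labs or this page's author), the sketch below triages an inventory of WDM installations against the fixed release v2.9.3.1 named above. The CSV layout, hostnames and sample versions are constructed, and it assumes WDM versions are dotted numeric strings, with a missing fourth component treated as 0.

```python
import csv
import io
import re

FIXED_WDM = (2, 9, 3, 1)  # first fixed WDM release named in the advisory

# Constructed sample inventory; hostnames and versions are illustrative only.
SAMPLE_INVENTORY = """host,wdm_version
vms-admin-01,2.9.3.1
vms-admin-02,v2.8.10
site-b-laptop,2.9.3
lab-pc,2.10.0.0
kiosk-7,unknown
"""

def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a dotted version."""
    m = re.fullmatch(r"[vV]?(\d+(?:\.\d+){0,3})", text.strip())
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    # Assumption: a short version such as 2.9.3 means 2.9.3.0.
    return tuple(parts + [0] * (4 - len(parts)))

def triage(inventory_csv):
    """Map each host to 'patched', 'vulnerable' or 'unverified'."""
    statuses = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        version = parse_version(row["wdm_version"])
        if version is None:
            status = "unverified"  # no usable version: check the host by hand
        elif version >= FIXED_WDM:  # numeric compare, so 2.10 sorts above 2.9
            status = "patched"
        else:
            status = "vulnerable"
        statuses[row["host"]] = status
    return statuses

def needs_action(statuses):
    """Hosts that still need the WDM update or a manual version check."""
    return sorted(h for h, s in statuses.items() if s != "patched")

if __name__ == "__main__":
    statuses = triage(SAMPLE_INVENTORY)
    for host, status in statuses.items():
        print(f"{host:15} {status}")
    print("update or verify:", ", ".join(needs_action(statuses)))
```

A host reported as patched may still have run an affected release earlier, so the credential rotation above applies to it as well.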
