CVE-2017-11510

Exploit

EPSS 0.95%
Veröffentlicht 28.03.2018 17:29:00
Zuletzt bearbeitet 21.11.2024 03:07:54
Quelle vulnreport@tenable.com
CVE-Watchlists
Login
Unerledigt
Login

An information leak exists in Wanscam's HW0021 network camera that allows an unauthenticated remote attacker to recover the administrator username and password via an ONVIF GetSnapshotUri request.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wanscam ≫ Hw0021 Firmware Version11.6.5.1.1-20161213

Wanscam ≫ Hw0021 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.95%	0.755

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

https://www.tenable.com/security/research/tra-2017-33

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2017-11510

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-11510

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-11510

EUVD