10

CVE-2017-16566

EPSS 1.33%
Veröffentlicht 17.11.2017 23:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server does not require authentication, which allows remote attackers to read or replace core system files including those used for authentication (such as passwd and shadow). This can be abused to take full root level control of the device.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Qacctv ≫ Jooan A5 Ip Camera Firmware Version2.3.36

Qacctv ≫ Jooan A5 Ip Camera Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.33%	0.791

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://siggyd.github.io/Advisories/CVE-2017-16566

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2017-16566

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-16566

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-16566

EUVD