7.5

CVE-2018-17559

Exploit

Due to incorrect access control, unauthenticated remote attackers can view the /video.mjpg video stream of certain ABUS TVIP cameras.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AbusTvip 10000 Firmware Version-
   AbusTvip 10000 Version-
AbusTvip 10001 Firmware Version-
   AbusTvip 10001 Version-
AbusTvip 10005 Firmware Version-
   AbusTvip 10005 Version-
AbusTvip 10005a Firmware Version-
   AbusTvip 10005a Version-
AbusTvip 10005b Firmware Version-
   AbusTvip 10005b Version-
AbusTvip 10050 Firmware Version-
   AbusTvip 10050 Version-
AbusTvip 10051 Firmware Version-
   AbusTvip 10051 Version-
AbusTvip 10055a Firmware Version-
   AbusTvip 10055a Version-
AbusTvip 10055b Firmware Version-
   AbusTvip 10055b Version-
AbusTvip 10500 Firmware Version-
   AbusTvip 10500 Version-
AbusTvip 10550 Firmware Version-
   AbusTvip 10550 Version-
AbusTvip 11000 Firmware Version-
   AbusTvip 11000 Version-
AbusTvip 11050 Firmware Version-
   AbusTvip 11050 Version-
AbusTvip 11500 Firmware Version-
   AbusTvip 11500 Version-
AbusTvip 11501 Firmware Version-
   AbusTvip 11501 Version-
AbusTvip 11502 Firmware Version-
   AbusTvip 11502 Version-
AbusTvip 11550 Firmware Version-
   AbusTvip 11550 Version-
AbusTvip 11551 Firmware Version-
   AbusTvip 11551 Version-
AbusTvip 11552 Firmware Version-
   AbusTvip 11552 Version-
AbusTvip 20000 Firmware Version-
   AbusTvip 20000 Version-
AbusTvip 20050 Firmware Version-
   AbusTvip 20050 Version-
AbusTvip 20500 Firmware Version-
   AbusTvip 20500 Version-
AbusTvip 20550 Firmware Version-
   AbusTvip 20550 Version-
AbusTvip 21000 Firmware Version-
   AbusTvip 21000 Version-
AbusTvip 21050 Firmware Version-
   AbusTvip 21050 Version-
AbusTvip 21500 Firmware Version-
   AbusTvip 21500 Version-
AbusTvip 21501 Firmware Version-
   AbusTvip 21501 Version-
AbusTvip 21502 Firmware Version-
   AbusTvip 21502 Version-
AbusTvip 21550 Firmware Version-
   AbusTvip 21550 Version-
AbusTvip 21551 Firmware Version-
   AbusTvip 21551 Version-
AbusTvip 21552 Firmware Version-
   AbusTvip 21552 Version-
AbusTvip 22500 Firmware Version-
   AbusTvip 22500 Version-
AbusTvip 31000 Firmware Version-
   AbusTvip 31000 Version-
AbusTvip 31001 Firmware Version-
   AbusTvip 31001 Version-
AbusTvip 31050 Firmware Version-
   AbusTvip 31050 Version-
AbusTvip 31500 Firmware Version-
   AbusTvip 31500 Version-
AbusTvip 31501 Firmware Version-
   AbusTvip 31501 Version-
AbusTvip 31550 Firmware Version-
   AbusTvip 31550 Version-
AbusTvip 31551 Firmware Version-
   AbusTvip 31551 Version-
AbusTvip 32500 Firmware Version-
   AbusTvip 32500 Version-
AbusTvip 51500 Firmware Version-
   AbusTvip 51500 Version-
AbusTvip 51550 Firmware Version-
   AbusTvip 51550 Version-
AbusTvip 71500 Firmware Version-
   AbusTvip 71500 Version-
AbusTvip 71501 Firmware Version-
   AbusTvip 71501 Version-
AbusTvip 71550 Firmware Version-
   AbusTvip 71550 Version-
AbusTvip 71551 Firmware Version-
   AbusTvip 71551 Version-
AbusTvip 72500 Firmware Version-
   AbusTvip 72500 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.18% 0.359
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.