CVE-2021-26627

EPSS 0.38%
Veröffentlicht 19.04.2022 21:15:12
Zuletzt bearbeitet 21.11.2024 05:56:37
Quelle vuln@krcert.or.kr
CVE-Watchlists
Login
Unerledigt
Login

Real-time image information exposure is caused by insufficient authentication for activated RTSP port. This vulnerability could allow to remote attackers to send the RTSP requests using ffplay command and lead to leakage a live image.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Qcp ≫ Qcp200w Firmware Version- SwPlatformandroid

Qcp ≫ Qcp200w Version-

Qcp ≫ Qcp200w Firmware Version- SwPlatformwindows

Qcp ≫ Qcp200w Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.38%	0.589

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
vuln@krcert.or.kr	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66663

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-26627

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-26627

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-26627

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-26627