Описание
The Loftek Nexus 543 IP Camera stores passwords in cleartext, which allows remote attackers to obtain sensitive information via an HTTP GET request to check_users.cgi. NOTE: cleartext passwords can also be obtained from proc/kcore when leveraging the directory traversal vulnerability in CVE-2013-3311.
Ссылки
- Third Party AdvisoryVDB Entry
- Exploit
- ExploitThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Exploit
- ExploitThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:loftek:nexus_543_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:loftek:nexus_543:-:*:*:*:*:*:*:*
EPSS
Процентиль: 82%
0.01733
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-522
Связанные уязвимости
github
почти 4 года назад
The Loftek Nexus 543 IP Camera stores passwords in cleartext, which allows remote attackers to obtain sensitive information via an HTTP GET request to check_users.cgi. NOTE: cleartext passwords can also be obtained from proc/kcore when leveraging the directory traversal vulnerability in CVE-2013-3311.
EPSS
Процентиль: 82%
0.01733
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-522