exploitDog

CVE-2015-8252

Опубликовано: 27 дек. 2015

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

The Frontel protocol before 3 on RSI Video Technologies Videofied devices sends a cleartext serial number, which allows remote attackers to determine a hardcoded key by sniffing the network and performing a "jumbled up" calculation with this number.

Ссылки

http://cybergibbons.com/alarms-2/multiple-serious-vulnerabilities-in-rsi-videofieds-alarm-protocol/
Exploit
https://www.kb.cert.org/vuls/id/792004
Third Party Advisory
US Government Resource
http://cybergibbons.com/alarms-2/multiple-serious-vulnerabilities-in-rsi-videofieds-alarm-protocol/
Exploit
https://www.kb.cert.org/vuls/id/792004
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:rsi_video_technologies:frontel_protocol:*:*:*:*:*:*:*:*

Версия до 2.0 (включая)

EPSS

Процентиль: 69%

0.00586

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-f3pv-273r-pmfc

CVSS3: 5.9

github

больше 3 лет назад

The Frontel protocol before 3 on RSI Video Technologies Videofied devices sends a cleartext serial number, which allows remote attackers to determine a hardcoded key by sniffing the network and performing a "jumbled up" calculation with this number.

EPSS

Процентиль: 69%

0.00586

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-200