CVE-2016-2360

Опубликовано: 25 окт. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 5

EPSS Низкий

Описание

Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers' installations.

Ссылки

http://kirils.org/slides/2016-10-06_Milesight_initial.pdf
Exploit
Third Party Advisory
https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/
Third Party Advisory
https://www.youtube.com/watch?v=scckkI7CAW0
Exploit
Third Party Advisory
http://kirils.org/slides/2016-10-06_Milesight_initial.pdf
Exploit
Third Party Advisory
https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/
Third Party Advisory
https://www.youtube.com/watch?v=scckkI7CAW0
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:milesight:ip_security_camera_firmware:*:*:*:*:*:*:*:*

Версия до 2016-11-14 (включая)

cpe:2.3:h:milesight:ip_security_camera:-:*:*:*:*:*:*:*

EPSS

Процентиль: 74%

0.00836

Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-798

Связанные уязвимости

GHSA-6h4r-4p84-m69q