Описание
Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL injection via the Username element in an XML document to /onvif/device_service, as demonstrated by reading the admin password.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:faleemi:fsc-880_firmware:00.01.01.0048p2:*:*:*:*:*:*:*
cpe:2.3:h:faleemi:fsc-880:-:*:*:*:*:*:*:*
EPSS
Процентиль: 63%
0.00447
Низкий
8.1 High
CVSS3
9.3 Critical
CVSS2
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 8.1
github
больше 3 лет назад
Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL injection via the Username element in an XML document to /onvif/device_service, as demonstrated by reading the admin password.
EPSS
Процентиль: 63%
0.00447
Низкий
8.1 High
CVSS3
9.3 Critical
CVSS2
Дефекты
CWE-89