CVE-2017-14953

Опубликовано: 01 дек. 2017

Источник: nvd

CVSS3: 6.5

CVSS2: 3.3

EPSS Низкий

Описание

HikVision Wi-Fi IP cameras, when used in a wired configuration, allow physically proximate attackers to trigger association with an arbitrary access point by leveraging a default SSID with no WiFi encryption or authentication. NOTE: Vendor states that this is not a vulnerability, but more an increase to the attack surface of the product

Ссылки

http://packetstormsecurity.com/files/145131/HikVision-Wi-Fi-IP-Camera-Wireless-Access-Point-State.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2017/Nov/43
Mailing List
Third Party Advisory
http://packetstormsecurity.com/files/145131/HikVision-Wi-Fi-IP-Camera-Wireless-Access-Point-State.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2017/Nov/43
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:hikvision:ds-2cd2432f-iw_firmware:*:*:*:*:*:*:*:*

Версия до 5.4.5 (исключая)

cpe:2.3:h:hikvision:ds-2cd2432f-iw:-:*:*:*:*:*:*:*

EPSS

Процентиль: 10%

0.00036

Низкий

6.5 Medium

CVSS3

3.3 Low

CVSS2

Дефекты

CWE-311

Связанные уязвимости

GHSA-7x89-5p28-9fvp

CVSS3: 6.5

github

больше 3 лет назад

** DISPUTED ** HikVision Wi-Fi IP cameras, when used in a wired configuration, allow physically proximate attackers to trigger association with an arbitrary access point by leveraging a default SSID with no WiFi encryption or authentication. NOTE: Vendor states that this is not a vulnerability, but more an increase to the attack surface of the product.

BDU:2024-06775

CVSS3: 6.5

fstec

около 9 лет назад

Уязвимость микропрограммного обеспечения IP-камеры Hikvision DS-2CD2432F-IW, связанная с недостатками шифрования, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 10%

0.00036

Низкий

6.5 Medium

CVSS3

3.3 Low

CVSS2

Дефекты

CWE-311