Описание
On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files (containing credentials) is not correctly checked. An attacker can bypass authentication by providing an empty loginuse parameter and an empty loginpas parameter in the URI.
Ссылки
- ExploitMailing ListThird Party Advisory
- ExploitThird Party Advisory
- ExploitMailing ListThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:wificam:wireless_ip_camera_\(p2p\)_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:wificam:wireless_ip_camera_\(p2p\):-:*:*:*:*:*:*:*
EPSS
Процентиль: 99%
0.70891
Высокий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-522
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files (containing credentials) is not correctly checked. An attacker can bypass authentication by providing an empty loginuse parameter and an empty loginpas parameter in the URI.
EPSS
Процентиль: 99%
0.70891
Высокий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-522