exploitDog

CVE-2018-10770

Опубликовано: 09 мая 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 5

EPSS Низкий

Описание

download.rsp on ShenZhen Anni "5 in 1 XVR" devices allows remote attackers to download the configuration (without a login) to discover the password.

Ссылки

https://github.com/D0neMkj/EXP_IOT/blob/master/CAMERA/XVR_camera/readme
Third Party Advisory
https://github.com/D0neMkj/EXP_IOT/tree/master/CAMERA/XVR_camera
Exploit
Third Party Advisory
https://github.com/D0neMkj/EXP_IOT/blob/master/CAMERA/XVR_camera/readme
Third Party Advisory
https://github.com/D0neMkj/EXP_IOT/tree/master/CAMERA/XVR_camera
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:annigroup:5_in_1_xvr_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:annigroup:5_in_1_xvr:-:*:*:*:*:*:*:*

EPSS

Процентиль: 69%

0.00596

Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-j5pf-533q-h6g8

CVSS3: 9.8

github

больше 3 лет назад

download.rsp on ShenZhen Anni "5 in 1 XVR" devices allows remote attackers to download the configuration (without a login) to discover the password.

EPSS

Процентиль: 69%

0.00596

Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200