CVE-2018-5560

Опубликовано: 31 янв. 2019

Источник: nvd

CVSS3: 10

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

A reliance on a static, hard-coded credential in the design of the cloud-based storage system of Practecol's Guardzilla All-In-One Video Security System allows an attacker to view the private data of all users of the Guardzilla device.

Ссылки

https://blog.rapid7.com/2018/12/27/r7-2018-52-guardzilla-iot-video-camera-hard-coded-credential-cve-2018-5560/
Exploit
Third Party Advisory
https://www.0dayallday.org/guardzilla-video-camera-hard-coded-aws-credentials/
Exploit
Third Party Advisory
https://blog.rapid7.com/2018/12/27/r7-2018-52-guardzilla-iot-video-camera-hard-coded-credential-cve-2018-5560/
Exploit
Third Party Advisory
https://www.0dayallday.org/guardzilla-video-camera-hard-coded-aws-credentials/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:guardzilla:gz521w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:guardzilla:gz521w:-:*:*:*:*:*:*:*

EPSS

Процентиль: 64%

0.00472

Низкий

10 Critical

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-798

Связанные уязвимости

GHSA-ppvp-wh9g-pg5w

CVSS3: 7.5

github

больше 3 лет назад

EPSS

Процентиль: 64%

0.00472

Низкий

10 Critical

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-798