Описание
ieGeek IG20 hipcam RealServer V1.0 is vulnerable to Incorrect Access Control. The algorithm used to generate device IDs (UIDs) for devices that utilize Shenzhen Yunni Technology iLnkP2P suffers from a predictability flaw that allows remote attackers to establish direct connections to arbitrary devices.
Ссылки
- ExploitTechnical DescriptionThird Party Advisory
- ExploitTechnical DescriptionThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:iegeek:ig20_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:iegeek:ig20:-:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:a:hipcam:realserver:1.0:*:*:*:*:*:*:*
EPSS
Процентиль: 62%
0.00425
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-330
CWE-330
Связанные уязвимости
CVSS3: 6.5
github
больше 3 лет назад
ieGeek IG20 hipcam RealServer V1.0 is vulnerable to Incorrect Access Control. The algorithm used to generate device IDs (UIDs) for devices that utilize Shenzhen Yunni Technology iLnkP2P suffers from a predictability flaw that allows remote attackers to establish direct connections to arbitrary devices.
EPSS
Процентиль: 62%
0.00425
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-330
CWE-330