Lucene search

[email protected]CVE-2018-11653

HistoryAug 24, 2018 - 9:29 p.m.

CVE-2018-11653

2018-08-2421:29:00

CWE-200

[email protected]

web.nvd.nist.gov

cve

2018

11653

information disclosure

netwave

ip camera

http

port 8000

exfiltration

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

69.8%

JSON

Information disclosure in Netwave IP camera at //etc/RT2870STA.dat (via HTTP on port 8000) allows an unauthenticated attacker to exfiltrate sensitive information about the network configuration like the network SSID and password.

Affected configurations

NVD

Node

seasofsolutionsip_cameraMatch-

AND

seasofsolutionsip_camera_firmwareMatch-

CPENameOperatorVersion
seasofsolutions:ip_camera_firmwareseasofsolutions ip camera firmwareeq-

CPE	Name	Operator	Version
seasofsolutions:ip_camera_firmware	seasofsolutions ip camera firmware	eq	-

References

github.com/SadFud/Exploits/tree/master/Real%20World/SCADA%20-%20IOT%20Systems/CVE-2018-11653

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

69.8%

JSON

Related for CVE-2018-11653

nvd1 cvelist1 prion1 openvas1