Lucene search

[email protected]CVE-2020-6852

HistoryApr 02, 2020 - 3:15 p.m.

CVE-2020-6852

2020-04-0215:15:17

CWE-307

[email protected]

web.nvd.nist.gov

cacagoo

cloud storage

camera

tv-288zd-2mp

telnet

authentication

vulnerability

cve-2020-6852

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.6%

JSON

CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmware 3.4.2.0919 has weak authentication of TELNET access, leading to root privileges without any password required.

Affected configurations

NVD

Node

cacagootv-288zd-2mpMatch-

AND

cacagootv-288zd-2mp_firmwareMatch3.4.2.0919

CPENameOperatorVersion
cacagoo:tv-288zd-2mp_firmwarecacagoo tv-288zd-2mp firmwareeq3.4.2.0919

CPE	Name	Operator	Version
cacagoo:tv-288zd-2mp_firmware	cacagoo tv-288zd-2mp firmware	eq	3.4.2.0919

References

insights.oem.avira.com/serious-security-flaws-uncovered-in-cacagoo-ip-cameras/

www.cacagoo.com

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.6%

JSON

Related for CVE-2020-6852

prion1 nvd1 cvelist1 openvas1