Lucene search

[email protected]CVE-2020-9349

HistoryApr 02, 2020 - 3:15 p.m.

CVE-2020-9349

2020-04-0215:15:00

CWE-306

[email protected]

web.nvd.nist.gov

cacagoo

cloud storage

camera

firmware

rtsp

security vulnerability

unauthenticated access

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

72.9%

JSON

The CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmware 3.4.2.0919 allows access to the RTSP service without a password.

CPENameOperatorVersion
cacagoo:tv-288zd-2mp_firmwarecacagoo tv-288zd-2mp firmwareeq3.4.2.0919

CPE	Name	Operator	Version
cacagoo:tv-288zd-2mp_firmware	cacagoo tv-288zd-2mp firmware	eq	3.4.2.0919

References

insights.oem.avira.com/serious-security-flaws-uncovered-in-cacagoo-ip-cameras/

www.cacagoo.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

72.9%

JSON

Related for CVE-2020-9349

prion1 cvelist1