Lucene search

KrcertCVELIST:CVE-2021-26611

HistoryNov 26, 2021 - 4:31 p.m.

CVE-2021-26611 HejHome IP Camera use of hard-coded credentials vulnerability

2021-11-2616:31:38

CWE-798

krcert

www.cve.org

hejhome

ip camera

hard-coded credentials

vulnerability

remote attackers

reboot

factory reset

snapshot

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.009

Percentile

82.6%

JSON

HejHome GKW-IC052 IP Camera contained a hard-coded credentials vulnerability. This issue allows remote attackers to operate the IP Camera.(reboot, factory reset, snapshot etc…)

CNA Affected

[
  {
    "platforms": [
      "N/A"
    ],
    "product": "GKW-IC052",
    "vendor": "Goqual",
    "versions": [
      {
        "status": "affected",
        "version": "2.9.5"
      },
      {
        "status": "affected",
        "version": "2.9.6"
      },
      {
        "status": "affected",
        "version": "2.9.7"
      },
      {
        "status": "affected",
        "version": "4.0.4"
      }
    ]
  }
]

References

www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36359

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.009

Percentile

82.6%

JSON

Related for CVELIST:CVE-2021-26611