Lucene search

KrcertCVELIST:CVE-2021-26627

HistoryApr 19, 2022 - 8:26 p.m.

CVE-2021-26627 EDrhyme QCP 200W Information Exposure Vulnerability

2022-04-1920:26:29

CWE-284

krcert

www.cve.org

real-time image

information exposure

insufficient authentication

rtsp port

remote attackers

ffplay command

leakage

live image

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.8

Confidence

High

EPSS

0.002

Percentile

65.2%

JSON

Real-time image information exposure is caused by insufficient authentication for activated RTSP port. This vulnerability could allow to remote attackers to send the RTSP requests using ffplay command and lead to leakage a live image.

CNA Affected

[
  {
    "platforms": [
      "Windows, Android"
    ],
    "product": "QCP 200W",
    "vendor": "EDrhyme Co.,Ltd",
    "versions": [
      {
        "status": "affected",
        "version": "No version information"
      }
    ]
  }
]

References

www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66663

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.8

Confidence

High

EPSS

0.002

Percentile

65.2%

JSON

Related for CVELIST:CVE-2021-26627