Lucene search

TwcertCVELIST:CVE-2021-30165

HistoryApr 27, 2021 - 3:07 a.m.

CVE-2021-30165 EDIMAX Technology Co., Ltd. HD Wireless Day & Night Network Camera IC-3140W - Hard-coded password

2021-04-2703:07:36

CWE-798

twcert

www.cve.org

cve-2021-30165

edimax

network camera

hard-coded password

remote attackers

firmware

privileged permission

CVSS3

7.5

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.007

Percentile

79.8%

JSON

The default administrator account & password of the EDIMAX wireless network camera is hard-coded. Remote attackers can disassemble firmware to obtain the privileged permission and further control the devices.

CNA Affected

[
  {
    "product": "IC-3140W",
    "vendor": "EDIMAX Technology Co., Ltd.",
    "versions": [
      {
        "status": "affected",
        "version": "3.11"
      }
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-4670-359c8-1.html

CVSS3

7.5

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.007

Percentile

79.8%

JSON

Related for CVELIST:CVE-2021-30165