CVE-2022-28861

2022-07-2100:00:00

mitre

www.cve.org

server

ftp

cleartext

http

axis m1125

citilog 8.0

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

45.2%

JSON

The server in Citilog 8.0 allows an attacker (in a man in the middle position between the server and its smart camera Axis M1125) to see FTP credentials in a cleartext HTTP traffic. These can be used for FTP access to the server.

References

github.com/ErwanBroquaire/citilog-8.0-vulnerability

www.citilog.com

www.citilog.com/wp-content/uploads/2023/07/CitilogSAS_information_note_2021-10-18-English.pdf