6.5 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
27.3%
Video Multi-Tenant System Entrance Stations provided by AIPHONE CO., LTD. contain an information disclosure vulnerability (CWE-200).
An attacker who can obtain specific information of the product and access the product may obtain sensitive information stored in the device.
Use the products with the fixed firmware
According to the developer, the vulnerability has been fixed since December 2021.
Please inquire the developer the information on the support of the products released before December 2021.