22 matches found
EUVD-2025-6207
Malicious code in bioql PyPI...
EUVD-2025-6201
Malicious code in bioql PyPI...
EUVD-2025-6206
Malicious code in bioql PyPI...
The vulnerability of the Microprogrammed Software for IP Cameras from Smartwares, models CIP-37210AT and C724IP, arises from the lack of measures to sanitize input data at the control level. This allows intruders to execute arbitrary commands.
The vulnerability of the Microprogrammed Software for Smartwares CIP-37210AT and C724IP cameras is related to the lack of measures for cleaning incoming data at the control level. Exploiting this vulnerability could allow a remote attacker to execute arbitrary commands...
The vulnerability of the telnet service provided by the microprogramming-based IP cameras from Smartwares, models CIP-37210AT and C724IP, allows a intruder to gain unauthorized access to protected information.
The vulnerability of the telnet service provided by the microprogramming-based IP cameras from Smartwares, models CIP-37210AT and C724IP, is related to the use of default login credentials. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
The vulnerability of Smartwares CIP-37210AT and C724IP IP cameras’ microprogramming software lies in the improper limitation of the path name to the restricted access directory. This allows intruders to gain unauthorized access to protected information.
The vulnerability of the Microprogrammed Software for Smartwares CIP-37210AT and C724IP cameras is related to an incorrect limitation on the path name to the restricted access directory. Exploiting this vulnerability could allow a intruder to gain unauthorized access to protected information...
CVE-2024-13894
Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, are vulnerable to path traversal. When an affected device is connected to a mobile app, it opens a port 10000 enabling a user to download pictures shot at specific moments by...
CVE-2024-13892
Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, are vulnerable to command injection. During the initialization process, a user has to use a mobile app to provide devices with Access Point credentials. This input is not properly...
CVE-2024-13893
Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, might share same credentials for telnet service. Hash of the password can be retrieved through physical access to SPI connected memory. For the telnet service to be enabled, the...
CVE-2024-13892
Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, are vulnerable to command injection. During the initialization process, a user has to use a mobile app to provide devices with Access Point credentials. This input is not properly...
CVE-2024-13893
Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, might share same credentials for telnet service. Hash of the password can be retrieved through physical access to SPI connected memory. For the telnet service to be enabled, the...
CVE-2024-13894
Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, are vulnerable to path traversal. When an affected device is connected to a mobile app, it opens a port 10000 enabling a user to download pictures shot at specific moments by...
CVE-2024-13894 Path traversal in Smartwares cameras
Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, are vulnerable to path traversal. When an affected device is connected to a mobile app, it opens a port 10000 enabling a user to download pictures shot at specific moments by...
CVE-2024-13894 Path traversal in Smartwares cameras
Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, are vulnerable to path traversal. When an affected device is connected to a mobile app, it opens a port 10000 enabling a user to download pictures shot at specific moments by...
CVE-2024-13894
CVE-2024-13894 affects Smartwares CIP-37210AT and C724IP cameras (and related firmware up to 3.3.0). The issue is a path traversal vulnerability exposed when the device connects to a mobile app and opens port 10000, allowing retrieval of pictures by supplying file paths; access is not properly li...
CVE-2024-13893
Summary of CVE-2024-13892 / CVE-2024-13893 / CVE-2024-13894 (Smartwares CIP-37210AT, C724IP and similar firmware up to 3.3.0): CVE-2024-13892 (NVD/Red Hat): Command injection vulnerability during initialization when a mobile app provides AP credentials. Input is not properly sanitized. Patch stat...
CVE-2024-13893 Shared credentials in Smartwares cameras
Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, might share same credentials for telnet service. Hash of the password can be retrieved through physical access to SPI connected memory. For the telnet service to be enabled, the...
CVE-2024-13893 Shared credentials in Smartwares cameras
Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, might share same credentials for telnet service. Hash of the password can be retrieved through physical access to SPI connected memory. For the telnet service to be enabled, the...
CVE-2024-13892 Command Injection in Smartwares cameras
Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, are vulnerable to command injection. During the initialization process, a user has to use a mobile app to provide devices with Access Point credentials. This input is not properly...
CVE-2024-13892 Command Injection in Smartwares cameras
Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, are vulnerable to command injection. During the initialization process, a user has to use a mobile app to provide devices with Access Point credentials. This input is not properly...