106 matches found
CVE-2019-12919
CVE-2019-12919 affects Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4. The connected Red Hat/CNVD/NVD records describe an unauthenticated attacker on the local network gaining access to the device’s internal SD card through the HTTP service on port 8000, enabling viewing or downloadi...
CVE-2019-12919
On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices, an attacker on the local network has unauthenticated access to the internal SD card via the HTTP service on port 8000. The HTTP web server on the camera allows anyone to view or download the video archive recorded and saved o...
CleverDog Smart Camera DOG-2W / DOG-2W-V4 - Multiple Vulnerabilities
Exploit for hardware platform in category web applications 1. Advisory Information ======================================== Title: Clever Dog Smart Camera Vendor Homepage: http://www.cleverdog.com.cn/ Tested on Camera types : DOG-2W, DOG-2W-V4 Vulnerability: Hardware- Multiple Vulnerabilities Dat...
Robert Bosch Smart Camera App for Android Privilege Permission and Access Control Vulnerability
Robert Bosch Smart Camera App for Android is an Android-based smart camera management application from Robert Bosch, Germany. A privilege-granting and access control vulnerability exists in versions of the Bosch Smart Camera App for Android prior to 1.3.1, which stems from a failure to set securi...
CVE-2019-7729
An issue was discovered in the Bosch Smart Camera App before 1.3.1 for Android. Due to setting of insecure permissions, a malicious app could potentially succeed in retrieving video clips or still images that have been cached for clip sharing. The Bosch Smart Home App is not affected. iOS Apps ar...
Design/Logic Flaw
An issue was discovered in the Bosch Smart Camera App before 1.3.1 for Android. Due to setting of insecure permissions, a malicious app could potentially succeed in retrieving video clips or still images that have been cached for clip sharing. The Bosch Smart Home App is not affected. iOS Apps ar...
Design/Logic Flaw
An issue was discovered in the Bosch Smart Camera App before 1.3.1 for Android. Due to improperly implemented TLS certificate checks, a malicious actor could potentially succeed in executing a man-in-the-middle attack for some connections. The Bosch Smart Home App is not affected. iOS Apps are no...
CVE-2019-7729
An issue was discovered in the Bosch Smart Camera App before 1.3.1 for Android. Due to setting of insecure permissions, a malicious app could potentially succeed in retrieving video clips or still images that have been cached for clip sharing. The Bosch Smart Home App is not affected. iOS Apps ar...
CVE-2019-7728
The CVE-2019-7728 entry concerns the Bosch Smart Camera App for Android (before version 1.3.1). The root cause is improperly implemented TLS certificate checks, enabling the possibility of a man-in-the-middle attack on certain connections. Impact is described as partial confidentiality, integrity...
CVE-2019-7729
The CVE affects the Bosch Smart Camera App for Android prior to version 1.3.1. It arises from insecure permission settings, enabling a local attacker to retrieve video clips or still images cached for clip sharing. Impact is limited to confidentiality (partial), with no egregious integrity/availa...
CVE-2019-7729
An issue was discovered in the Bosch Smart Camera App before 1.3.1 for Android. Due to setting of insecure permissions, a malicious app could potentially succeed in retrieving video clips or still images that have been cached for clip sharing. The Bosch Smart Home App is not affected. iOS Apps ar...
CVE-2019-7728
An issue was discovered in the Bosch Smart Camera App before 1.3.1 for Android. Due to improperly implemented TLS certificate checks, a malicious actor could potentially succeed in executing a man-in-the-middle attack for some connections. The Bosch Smart Home App is not affected. iOS Apps are no...
Directory Traversal Vulnerability in ZTE C520 Smart Camera
The ZTE C520 is a smart Wi-Fi watchdog camera. A directory traversal vulnerability exists in the ZTE C520 smart camera. An attacker can exploit the vulnerability to read arbitrary files...
Improper access control
LG LNB, LND, LNU, and LNV smart network camera devices have broken access control. Attackers are able to download /updownload/t.report aka Log & Report files and download backup files via download.php without authenticating. These backup files contain user credentials and configuration informatio...
Stack overflow
An exploitable stack-based buffer overflow vulnerability exists in the samsungWifiScan callback notification of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly handles the answer received from a smart camera...
CVE-2018-3867
An exploitable stack-based buffer overflow vulnerability exists in the samsungWifiScan callback notification of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly handles the answer received from a smart camera...
CVE-2018-3867
An exploitable stack-based buffer overflow vulnerability exists in the samsungWifiScan callback notification of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly handles the answer received from a smart camera...
CVE-2018-3867
CVE-2018-3867 describes a stack-based buffer overflow in Samsung SmartThings Hub (STH-ETH-250) video-core HTTP server. The vulnerability exists in the samsungWifiScan callback handling during camera discovery, where the hub constructs a POST to a callback URL using an unconstrained camera respons...
Samsung SmartThings Hub video-core samsungWifiScan Callback Code Execution Vulnerability(CVE-2018-3867)
Summary An exploitable stack-based buffer overflow vulnerability exists in the samsungWifiScan callback notification of video-core's HTTP server of Samsung SmartThings Hub. The video-core process incorrectly handles the answer received from a smart camera, leading to a buffer overflow on the stac...
Samsung SmartThings Hub hubCore Port 39500 HTTP Header Injection Vulnerability(CVE-2018-3911)
Summary An exploitable HTTP header injection vulnerability exists in the remote servers of Samsung SmartThings Hub. The hubCore process listens on port 39500 and relays any unauthenticated message to SmartThings' remote servers, which insecurely handle JSON messages, leading to partially controll...