27 matches found
CVE-2019-11014
The VStarCam vstc.vscam.client library and vstc.vscam shared object, as used in the Eye4 application for Android, iOS, and Windows, do not prevent spoofing of the camera server. An attacker can create a fake camera server that listens for the client looking for a camera on the local network. When...
EUVD-2017-14752
Malware in sbrugna...
EUVD-2019-3929
Malware in sbrugna...
EUVD-2019-3930
Malware in sbrugna...
EUVD-2019-2725
Malware in sbrugna...
CVE-2019-12289
An issue was discovered in upgradefirmware.cgi on VStarcam 100T C7824WIP CH-sys-48.53.75.119123 and 200V C38S CH-sys-48.53.203.119123 devices. A remote command can be executed through a system firmware update without authentication. The attacker can modify the files within the internal firmware o...
CVE-2019-12289
An issue was discovered in upgradefirmware.cgi on VStarcam 100T C7824WIP CH-sys-48.53.75.119123 and 200V C38S CH-sys-48.53.203.119123 devices. A remote command can be executed through a system firmware update without authentication. The attacker can modify the files within the internal firmware o...
CVE-2019-12288
An issue was discovered in upgradehtmls.cgi on VStarcam 100T C7824WIP KR75.8.53.20 and 200V C38S KR203.18.1.20 devices. The web service, network, and account files can be manipulated through a web UI firmware update without any authentication. The attacker can achieve access to the device through...
CVE-2019-12288
An issue was discovered in upgradehtmls.cgi on VStarcam 100T C7824WIP KR75.8.53.20 and 200V C38S KR203.18.1.20 devices. The web service, network, and account files can be manipulated through a web UI firmware update without any authentication. The attacker can achieve access to the device through...
Authentication flaw
An issue was discovered in upgradehtmls.cgi on VStarcam 100T C7824WIP KR75.8.53.20 and 200V C38S KR203.18.1.20 devices. The web service, network, and account files can be manipulated through a web UI firmware update without any authentication. The attacker can achieve access to the device through...
Command injection
An issue was discovered in upgradefirmware.cgi on VStarcam 100T C7824WIP CH-sys-48.53.75.119123 and 200V C38S CH-sys-48.53.203.119123 devices. A remote command can be executed through a system firmware update without authentication. The attacker can modify the files within the internal firmware o...
CVE-2019-12289
An issue was discovered in upgradefirmware.cgi on VStarcam 100T C7824WIP CH-sys-48.53.75.119123 and 200V C38S CH-sys-48.53.203.119123 devices. A remote command can be executed through a system firmware update without authentication. The attacker can modify the files within the internal firmware o...
CVE-2019-12289
The CVE-2019-12289 entry describes a remote command execution vulnerability in upgrade_firmware.cgi on VStarcam 100T (C7824WIP) CH-sys-48.53.75.119~123 and 200V (C38S) CH-sys-48.53.203.119~123 devices. The underlying issue allows an unauthenticated user to trigger a system firmware update that ca...
CVE-2019-12288
An issue was discovered in upgradehtmls.cgi on VStarcam 100T C7824WIP KR75.8.53.20 and 200V C38S KR203.18.1.20 devices. The web service, network, and account files can be manipulated through a web UI firmware update without any authentication. The attacker can achieve access to the device through...
CVE-2019-12288
The CVE-2019-12288 issue affects VStarcam devices (100T/C7824WIP KR75.8.53.20 and 200V/C38S KR203.18.1.20). The root cause is a flaw in upgrade_htmls.cgi that enables manipulation of the web UI firmware update without any authentication, allowing an attacker to gain access via a manipulated firmw...
CVE-2019-11014
The VStarCam vstc.vscam.client library and vstc.vscam shared object, as used in the Eye4 application for Android, iOS, and Windows, do not prevent spoofing of the camera server. An attacker can create a fake camera server that listens for the client looking for a camera on the local network. When...
Design/Logic Flaw
The VStarCam vstc.vscam.client library and vstc.vscam shared object, as used in the Eye4 application for Android, iOS, and Windows, do not prevent spoofing of the camera server. An attacker can create a fake camera server that listens for the client looking for a camera on the local network. When...
CVE-2019-11014
The VStarCam vstc.vscam.client library and vstc.vscam shared object, as used in the Eye4 application for Android, iOS, and Windows, do not prevent spoofing of the camera server. An attacker can create a fake camera server that listens for the client looking for a camera on the local network. When...
CVE-2019-11014
CVE-2019-11014 affects the VStarCam vstc.vscam.client library and vstc.vscam shared object used by Eye4 on Android, iOS, and Windows. The issue allows spoofing of the camera server: an attacker can set up a fake camera server on the local network, have the client respond to it via the broadcast a...
Shenzhen, China, a manufacturer of smart cameras exposed vulnerability: at least 17.5 million devices can be remote attack-vulnerability warning-the black bar safety net
Security firms Bitdefender and Checkmarx are released report, security researcher at a plurality of conventional smart cameras found in a remote intrusion vulnerability, relates to the VStarcam, the Loftek, as well as Neo IP camera. One of Neo IP camera is Shenzhen, China manufacturer beautiful...