33 matches found
VulnCheck KEV: CVE-2017-17106
Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to CGI pages...
VulnCheck KEV: CVE-2017-17105
Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 and possibly in-between versions web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a...
Zivif webcams 信息泄露漏洞
Zivif webcams is a webcam device. The webcam device suffers from an information disclosure vulnerability that stems from the fact that sensitive information on the webcam device is not properly protected. A remote attacker could improperly grant administrator privileges and take further control o...
Zivif Webcams Remote Code Execution (CVE-2017-17107)
A remote code execution vulnerability exists in Zivif Webcams. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Zivif Webcams Information Disclosure (CVE-2017-17106)
An information disclosure vulnerability exists in Zivif Webcams. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...
Zivif Camera 2.3.4.2103 iptest.cgi Blind Remote Command Execution
This Metasploit module exploits a remote command execution vulnerability in Zivif webcams. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zivif Camera iptest.cgi Blind Remote Command Execution...
Zivif Camera 2.3.4.2103 iptest.cgi Blind Remote Command Execution Exploit
This Metasploit module exploits a remote command execution vulnerability in Zivif webcams. This is known to impact versions prior to and including 2.3.4.2103. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
Zivif Camera 2.3.4.2103 iptest.cgi Blind Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zivif Camera iptest.cgi Blind Remote Command Execution', 'Description' = %q This module exploits a remote command execution vulnerability in Zivi...
Zivif Camera iptest.cgi Blind Remote Command Execution
This module exploits a remote command execution vulnerability in Zivif webcams. This is known to impact versions prior to and including v2.3.4.2103. Exploit was reported in CVE-2017-17105. This module requires Metasploit: https://metasploit.com/download Current source:...
The vulnerability of the Zivif PR115-204-P-RS webcam’s microprogramming software, related to errors in managing registration data, allows a hacker to obtain user login credentials.
The vulnerability of the Zivif PR115-204-P-RS webcam’s microprogramming software is related to errors in managing registration data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to obtain user credentials using an HTTP request...
The vulnerability of the Zivif PR115-204-P-RS webcam’s microprogramming software relates to the use of pre-installed credentials, allowing a intruder to gain access to the device with root privileges.
The vulnerability of the Zivif PR115-204-P-RS webcam’s microprogramming software is related to the use of pre-set credentials the password “cat1029” for the “root” user. Exploiting this vulnerability allows a malicious actor to gain access to the device with root privileges through a Telnet...
Zivif PR115-204-P-RS Remote Command Injection Vulnerability
The Zivif PR115-204-P-RS is a webcam device. A remote command injection vulnerability exists in Zivif PR115-204-P-RS version 2.3.4.2103. A remote attacker can exploit this vulnerability to inject arbitrary commands...
Zivif PR115-204-P-RS Security Bypass Vulnerability
The Zivif PR115-204-P-RS is a webcam device. A security bypass vulnerability exists in the Zivif PR115-204-P-RS version 2.3.4.2103, which stems from the program's failure to perform sufficient authentication checks on requests sent to a CGI page. A remote attacker can exploit the vulnerability by...
CVE-2017-17105
Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 and possibly in-between versions web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a...
CVE-2017-17106
Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to CGI pages...
CVE-2017-17105
Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 and possibly in-between versions web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a...
CVE-2017-17107
Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system's setup renders this password unchangeable and it can be used to access the device via a TELNET session...
Hardcoded credentials
Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system's setup renders this password unchangeable and it can be used to access the device via a TELNET session...
Command injection
Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 and possibly in-between versions web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a...
Design/Logic Flaw
Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to CGI pages...