Lucene search

K
vulnrichmentTwcertVULNRICHMENT:CVE-2023-38024
HistoryAug 28, 2023 - 3:14 a.m.

CVE-2023-38024 SpotCam Co., Ltd. SpotCamFHD - Use of Hard-coded Cryptographic Key -1

2023-08-2803:14:20
CWE-798
twcert
github.com
spotcam fhd 2
telnet
hard-coded key
vulnerability
remote access
arbitrary operations
service disruption

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

SSVC

Exploitation

none

Automatable

yes

Technical Impact

total

SpotCam Co., Ltd. SpotCam FHD 2’s hidden Telnet function has a vulnerability of using hard-coded Telnet credentials. An remote unauthenticated attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:spotcam_co_ltd:spotcam_fhd2:*:*:*:*:*:*:*:*"
    ],
    "vendor": "spotcam_co_ltd",
    "product": "spotcam_fhd2",
    "versions": [
      {
        "status": "affected",
        "version": "1.0036"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

SSVC

Exploitation

none

Automatable

yes

Technical Impact

total

Related for VULNRICHMENT:CVE-2023-38024