PT-2025-9925 · Smartwares · Smartwares Cameras

Marcin Wyczechowski +2 · Published 2025-03-06 · Updated 2025-03-07 · CVE-2024-13894

CVSS v4.0: 5.9 (Medium)

Vector: AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Smartwares cameras versions up to 3.3.0

Description

The vulnerability allows path traversal: by manipulating file paths, an attacker can access sensitive information. When connected to a mobile app, affected devices open port 10000, through which users can download pictures by providing specific file paths. However, the directories accessible to users are not properly restricted, which makes the path traversal possible. The vendor has not responded to reports, and the patching status is unknown.

Recommendations

For versions up to 3.3.0, as a temporary workaround, consider restricting access to port 10000 when it is not in use to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2025-02435
CVE-2024-13894

Affected Products

Smartwares Cameras