CVE-2017-17106

Name of the Vulnerable Software and Affected Versions Zivif PR115-204-P-RS version V2.3.4.2103

Description The issue is related to errors in handling registration data in the webcam's software. It allows a remote attacker to obtain user credentials using the HTTP request "/cgi-bin/hi3510/param.cgi?cmd=getuser". This is possible due to a lack of authentication checks in requests to CGI pages.

Recommendations For version V2.3.4.2103, consider restricting access to the "/cgi-bin/hi3510/param.cgi" endpoint until a patch is available, and avoid using the cmd variable with the getuser value in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.