PT-2018-1033 · Master · Master Ipcamera01
Daniele Linguaglossa
+1
·
Published
2018-01-15
·
Updated
2018-02-05
·
CVE-2018-5724
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
MASTER IPCAMERA01 version 3.3.4.2103
Description
The issue is related to unauthenticated configuration download and upload in the MASTER IPCAMERA01 device. This can be exploited through the
restore.cgi endpoint, allowing a remote attacker to impact the confidentiality, integrity, and availability of protected information.Recommendations
For MASTER IPCAMERA01 version 3.3.4.2103, as a temporary workaround, consider restricting access to the
restore.cgi endpoint until a patch is available. Additionally, limit configuration downloads and uploads to authorized personnel only. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Master Ipcamera01