PT-2018-5326 · Wanscam · Wanscam Hw0021

Published

2018-03-28

Updated

2019-10-09

CVE-2017-11510

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Wanscam HW0021 network camera (affected versions not specified)

Description An information leak exists that allows an unauthenticated remote attacker to recover the administrator username and password via an ONVIF "GetSnapshotUri" request.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Insufficiently Protected Credentials

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522CWE-200

Related Identifiers

CVE-2017-11510

Affected Products

Wanscam Hw0021

PT-2018-5326 · Wanscam · Wanscam Hw0021

CVE-2017-11510

Weakness Enumeration

Related Identifiers

Affected Products

References · 3