PT-2019-7818 · Milesight · Milesight Ip Security Cameras

Published

2019-10-25

Updated

2019-10-29

CVE-2016-2358

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Milesight IP security cameras versions prior to 2016-11-14

Description The issue concerns Milesight IP security cameras that have a default set of 10 privileged accounts with hardcoded credentials. These accounts are accessible if the customer has not configured 10 actual user accounts.

Recommendations For Milesight IP security cameras versions prior to 2016-11-14, configure 10 actual user accounts to override the default privileged accounts with hardcoded credentials.

Exploit

Fix

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798

Related Identifiers

CVE-2016-2358

Affected Products

Milesight Ip Security Cameras

PT-2019-7818 · Milesight · Milesight Ip Security Cameras

CVE-2016-2358

Weakness Enumeration

Related Identifiers

Affected Products

References · 5