PT-2021-22888 · Compro · Compro Ip70+3

Published

2021-09-01

Updated

2022-07-12

CVE-2021-40382

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Compro IP70 version 2.08 7130218 Compro IP570 version 2.08 7130520 Compro IP60 (affected versions not specified) Compro TN540 (affected versions not specified)

Description An issue was discovered that allows video screenshot access through the mjpegStreamer.cgi endpoint.

Recommendations For Compro IP70 version 2.08 7130218, consider restricting access to the mjpegStreamer.cgi endpoint until a fix is available. For Compro IP570 version 2.08 7130520, consider restricting access to the mjpegStreamer.cgi endpoint until a fix is available. For Compro IP60, at the moment, there is no information about a newer version that contains a fix for this issue. For Compro TN540, at the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2021-40382

Affected Products

Compro Ip570

Compro Ip60

Compro Ip70

Compro Tn540

PT-2021-22888 · Compro · Compro Ip70+3

CVE-2021-40382

Related Identifiers

Affected Products

References · 5