PT-2022-16759 · Alecto · Alecto Dvc-215Ip

Published

2022-02-24

Updated

2022-03-03

CVE-2022-24610

CVSS v3.1

8.6

High

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Alecto DVC-215IP camera versions 63.1.1.173 and below

Description The issue concerns the visibility of the Wi-Fi passphrase in the settings of the Alecto DVC-215IP camera. By modifying or removing the style of the password field in the wireless settings, the password becomes visible. This could potentially grant access to an internal network connected to the camera.

Recommendations For Alecto DVC-215IP camera versions 63.1.1.173 and below, consider restricting access to the wireless settings until a fix is available. As a temporary workaround, avoid editing or removing the style of the password field to prevent the passphrase from being exposed.

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522

Related Identifiers

CVE-2022-24610

Affected Products

Alecto Dvc-215Ip

PT-2022-16759 · Alecto · Alecto Dvc-215Ip

CVE-2022-24610

Weakness Enumeration

Related Identifiers

Affected Products

References · 3