Sign-up

ID

VAR-201610-0722


TITLE

Unauthorized Information Disclosure Vulnerabilities in AVTECH Devices

Trust: 0.6

sources: CNVD: CNVD-2016-08735

DESCRIPTION

AVTECH, founded in 1996, is one of the world's leading manufacturers of CCTV. The main products are monitoring equipment, network cameras, network video recorders and so on. An unauthorized information disclosure vulnerability exists in AVTECH devices. Since the cgi-bin/ directory does not have authentication rights set, unauthorized attackers are allowed access to obtain sensitive information.

Trust: 0.6

sources: CNVD: CNVD-2016-08735

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-08735

AFFECTED PRODUCTS

vendor:avtechmodel:dvrscope: - version: -

Trust: 0.6

vendor:avtechmodel:nvrscope: - version: -

Trust: 0.6

vendor:avtechmodel:ip camerascope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2016-08735

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2016-08735
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2016-08735
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2016-08735

EXTERNAL IDS

db:CNVDid:CNVD-2016-08735

Trust: 0.6

sources: CNVD: CNVD-2016-08735

REFERENCES

url:http://seclists.org/bugtraq/2016/oct/26

Trust: 0.6

url:http://www.search-lab.hu/advisories/126-avtech-devices-multiple-vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2016-08735

SOURCES

db:CNVDid:CNVD-2016-08735

LAST UPDATE DATE

2022-05-04T09:23:32.878000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2016-08735date:2016-10-13T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2016-08735date:2016-10-13T00:00:00