Sign-up

ID

VAR-201704-1322


CVE

CVE-2017-8225


TITLE

Wireless IP Camera WIFICAM Vulnerabilities related to authorization, authority, and access control in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-003612

DESCRIPTION

On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files (containing credentials) is not correctly checked. An attacker can bypass authentication by providing an empty loginuse parameter and an empty loginpas parameter in the URI. WirelessIPCamera (P2P) WIFICAM is a remote network camera

Trust: 2.34

sources: NVD: CVE-2017-8225 // JVNDB: JVNDB-2017-003612 // CNVD: CNVD-2017-06897 // VULHUB: VHN-116428 // VULMON: CVE-2017-8225

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

category:['camera device']sub_category:IP camera

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2017-06897

AFFECTED PRODUCTS

vendor:wificammodel:wireless ip camera \scope:eqversion: -

Trust: 1.6

vendor:wificammodel:wireless ip camera wificamscope: - version: -

Trust: 0.8

vendor:wificammodel:wireless ip camerascope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-06897 // JVNDB: JVNDB-2017-003612 // CNNVD: CNNVD-201704-1453 // NVD: CVE-2017-8225

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-8225
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-8225
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2017-06897
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201704-1453
value: CRITICAL

Trust: 0.6

VULHUB: VHN-116428
value: HIGH

Trust: 0.1

VULMON: CVE-2017-8225
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-8225
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-06897
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-116428
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-8225
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-06897 // VULHUB: VHN-116428 // VULMON: CVE-2017-8225 // JVNDB: JVNDB-2017-003612 // CNNVD: CNNVD-201704-1453 // NVD: CVE-2017-8225

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.1

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-116428 // JVNDB: JVNDB-2017-003612 // NVD: CVE-2017-8225

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-1453

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201704-1453

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-003612

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-116428 // 
            
            
            
            VULMON: CVE-2017-8225

PATCH
title:WirelessIPCamera (P2P) WIFICAM patchurl:https://www.cnvd.org.cn/patchInfo/show/93767
Trust: 0.6
title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/new-hacking-tool-lets-users-access-a-bunch-of-dvrs-and-their-video-feeds/
Trust: 0.1
title:Threatposturl:https://threatpost.com/hackers-prepping-iotroop-botnet-with-exploits/128608/
Trust: 0.1
title:Threatposturl:https://threatpost.com/iotroop-botnet-could-dwarf-mirai-in-size-and-devastation-says-researcher/128560/
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-06897 // 
            
            
            
            VULMON: CVE-2017-8225

EXTERNAL IDS
db:NVDid:CVE-2017-8225
Trust: 3.3
db:JVNDBid:JVNDB-2017-003612
Trust: 0.8
db:CNNVDid:CNNVD-201704-1453
Trust: 0.7
db:CNVDid:CNVD-2017-06897
Trust: 0.6
db:EXPLOIT-DBid:43142
Trust: 0.2
db:OTHERid:NONE
Trust: 0.1
db:VULHUBid:VHN-116428
Trust: 0.1
db:VULMONid:CVE-2017-8225
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            CNVD: CNVD-2017-06897 // 
            
            
            
            VULHUB: VHN-116428 // 
            
            
            
            VULMON: CVE-2017-8225 // 
            
            
            
            JVNDB: JVNDB-2017-003612 // 
            
            
            
            CNNVD: CNNVD-201704-1453 // 
            
            
            
            NVD: CVE-2017-8225

REFERENCES
url:https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html#pre-auth-info-leak-goahead
Trust: 2.6
url:http://seclists.org/fulldisclosure/2017/mar/23
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-8225
Trust: 1.4
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8225
Trust: 0.8
url:https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html#pre
Trust: 0.6
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/522.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://threatpost.com/hackers-prepping-iotroop-botnet-with-exploits/128608/
Trust: 0.1
url:https://www.exploit-db.com/exploits/43142/
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            CNVD: CNVD-2017-06897 // 
            
            
            
            VULHUB: VHN-116428 // 
            
            
            
            VULMON: CVE-2017-8225 // 
            
            
            
            JVNDB: JVNDB-2017-003612 // 
            
            
            
            CNNVD: CNNVD-201704-1453 // 
            
            
            
            NVD: CVE-2017-8225

SOURCES
db:OTHERid: - 
db:CNVDid:CNVD-2017-06897
db:VULHUBid:VHN-116428
db:VULMONid:CVE-2017-8225
db:JVNDBid:JVNDB-2017-003612
db:CNNVDid:CNNVD-201704-1453
db:NVDid:CVE-2017-8225

LAST UPDATE DATE
2025-04-20T20:10:25.023000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-06897date:2017-05-18T00:00:00
db:VULHUBid:VHN-116428date:2019-10-03T00:00:00
db:VULMONid:CVE-2017-8225date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2017-003612date:2017-05-31T00:00:00
db:CNNVDid:CNNVD-201704-1453date:2019-10-23T00:00:00
db:NVDid:CVE-2017-8225date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-06897date:2017-05-18T00:00:00
db:VULHUBid:VHN-116428date:2017-04-25T00:00:00
db:VULMONid:CVE-2017-8225date:2017-04-25T00:00:00
db:JVNDBid:JVNDB-2017-003612date:2017-05-31T00:00:00
db:CNNVDid:CNNVD-201704-1453date:2017-04-27T00:00:00
db:NVDid:CVE-2017-8225date:2017-04-25T20:59:00.430