Details of VAR-201704-1528

ID

VAR-201704-1528

CVE

CVE-2017-7462

TITLE

Intellinet NFC-30ir IP Camera In Web Vendor-supplied in the directory CGI Vulnerability accessed

Trust: 0.8

sources: JVNDB: JVNDB-2017-003128

DESCRIPTION

Intellinet NFC-30ir IP Camera has a vendor backdoor that can allow a remote attacker access to a vendor-supplied CGI script in the web directory. The Intellinet NFC-30irIP camera is a digital device based on network transmission. Intellinet NFC-30ir IP Camera is an IP network camera produced by American Intellinet company. A security vulnerability exists in the Intellinet NFC-30ir IP Camera

Trust: 2.25

sources: NVD: CVE-2017-7462 // JVNDB: JVNDB-2017-003128 // CNVD: CNVD-2017-05506 // VULHUB: VHN-115665

IOT TAXONOMY

category:	['Network device']	sub_category:	-	Trust: 0.6
category:	['camera device']	sub_category:	IP camera	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2017-05506

AFFECTED PRODUCTS

vendor:	intellinet network	model:	nfc-30ir	scope:	eq	version:	lm.1.6.16.05	Trust: 1.6
vendor:	intellinet	model:	nfc-30ir ip camera	scope:	-	version:	-	Trust: 1.4

sources: CNVD: CNVD-2017-05506 // JVNDB: JVNDB-2017-003128 // CNNVD: CNNVD-201704-584 // NVD: CVE-2017-7462

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-7462
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-7462
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2017-05506
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201704-584
value:	HIGH
Trust: 0.6
VULHUB:	VHN-115665
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-7462
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-05506
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-115665
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-7462
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-05506 // VULHUB: VHN-115665 // JVNDB: JVNDB-2017-003128 // CNNVD: CNNVD-201704-584 // NVD: CVE-2017-7462

PROBLEMTYPE DATA

problemtype:	CWE-22	Trust: 1.9
problemtype:	CWE-798	Trust: 1.9

sources: VULHUB: VHN-115665 // JVNDB: JVNDB-2017-003128 // NVD: CVE-2017-7462

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-584

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201704-584

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-003128

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-115665

PATCH

title:

Top Page

url:

http://www.intellinet-network.com/

Trust: 0.8

sources: JVNDB: JVNDB-2017-003128

EXTERNAL IDS

db:	NVD	id:	CVE-2017-7462	Trust: 3.2
db:	EXPLOIT-DB	id:	41829	Trust: 3.1
db:	JVNDB	id:	JVNDB-2017-003128	Trust: 0.8
db:	CNNVD	id:	CNNVD-201704-584	Trust: 0.7
db:	CNVD	id:	CNVD-2017-05506	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULHUB	id:	VHN-115665	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2017-05506 // VULHUB: VHN-115665 // JVNDB: JVNDB-2017-003128 // CNNVD: CNNVD-201704-584 // NVD: CVE-2017-7462

REFERENCES

url:	https://www.exploit-db.com/exploits/41829/	Trust: 3.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-7462	Trust: 1.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7462	Trust: 0.8
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2017-05506 // VULHUB: VHN-115665 // JVNDB: JVNDB-2017-003128 // CNNVD: CNNVD-201704-584 // NVD: CVE-2017-7462

SOURCES

db:	OTHER	id:	-
db:	CNVD	id:	CNVD-2017-05506
db:	VULHUB	id:	VHN-115665
db:	JVNDB	id:	JVNDB-2017-003128
db:	CNNVD	id:	CNNVD-201704-584
db:	NVD	id:	CVE-2017-7462

LAST UPDATE DATE

2025-04-20T22:56:57.103000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-05506	date:	2017-04-27T00:00:00
db:	VULHUB	id:	VHN-115665	date:	2017-04-18T00:00:00
db:	JVNDB	id:	JVNDB-2017-003128	date:	2017-05-16T00:00:00
db:	CNNVD	id:	CNNVD-201704-584	date:	2017-05-17T00:00:00
db:	NVD	id:	CVE-2017-7462	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-05506	date:	2017-04-27T00:00:00
db:	VULHUB	id:	VHN-115665	date:	2017-04-11T00:00:00
db:	JVNDB	id:	JVNDB-2017-003128	date:	2017-05-16T00:00:00
db:	CNNVD	id:	CNNVD-201704-584	date:	2017-04-11T00:00:00
db:	NVD	id:	CVE-2017-7462	date:	2017-04-11T15:59:00.353