Sign-up

ID

VAR-201707-0197


CVE

CVE-2017-10796


TITLE

TP-Link NC250 Vulnerability to display video and audio without authentication in device firmware

Trust: 0.8

sources: JVNDB: JVNDB-2017-005815

DESCRIPTION

On TP-Link NC250 devices with firmware through 1.2.1 build 170515, anyone can view video and audio without authentication via an rtsp://admin@yourip:554/h264_hd.sdp URL. TP-LinkNC250 is a network camera product of China TP-LINK. TP-LINKNC250 has a certification bypass vulnerability. TP-Link NC250 with 1.2.1 build 170515 and earlier firmware has a security vulnerability

Trust: 2.34

sources: NVD: CVE-2017-10796 // JVNDB: JVNDB-2017-005815 // CNVD: CNVD-2017-21502 // VULHUB: VHN-101154 // VULMON: CVE-2017-10796

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-21502

AFFECTED PRODUCTS

vendor:tp linkmodel:nc250scope:lteversion:1.2.1

Trust: 1.0

vendor:tp linkmodel:tp-link nc250scope:lteversion:1.2.1 build 170515

Trust: 0.8

vendor:tp linkmodel:nc250scope: - version: -

Trust: 0.6

vendor:tp linkmodel:nc250 v1scope:eqversion:1.2.1

Trust: 0.6

sources: CNVD: CNVD-2017-21502 // JVNDB: JVNDB-2017-005815 // CNNVD: CNNVD-201707-021 // NVD: CVE-2017-10796

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-10796
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-10796
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-21502
value: LOW

Trust: 0.6

CNNVD: CNNVD-201707-021
value: MEDIUM

Trust: 0.6

VULHUB: VHN-101154
value: LOW

Trust: 0.1

VULMON: CVE-2017-10796
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-10796
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-21502
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-101154
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-10796
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2017-10796
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2017-21502 // VULHUB: VHN-101154 // VULMON: CVE-2017-10796 // JVNDB: JVNDB-2017-005815 // CNNVD: CNNVD-201707-021 // NVD: CVE-2017-10796

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-101154 // JVNDB: JVNDB-2017-005815 // NVD: CVE-2017-10796

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201707-021

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201707-021

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-005815

PATCH
title:Serious Security Bug in the Camera IP TP-LINK NC250url:https://gist.github.com/elbauldelgeek/8f0f24c582f43f51a34b34420a385d75
Trust: 0.8
title:CVE-2017-10796url:https://github.com/JamesGeee/CVE-2017-10796 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2017-10796 // 
            
            
            
            JVNDB: JVNDB-2017-005815

EXTERNAL IDS
db:NVDid:CVE-2017-10796
Trust: 3.2
db:JVNDBid:JVNDB-2017-005815
Trust: 0.8
db:CNNVDid:CNNVD-201707-021
Trust: 0.7
db:CNVDid:CNVD-2017-21502
Trust: 0.6
db:VULHUBid:VHN-101154
Trust: 0.1
db:VULMONid:CVE-2017-10796
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-21502 // 
            
            
            
            VULHUB: VHN-101154 // 
            
            
            
            VULMON: CVE-2017-10796 // 
            
            
            
            JVNDB: JVNDB-2017-005815 // 
            
            
            
            CNNVD: CNNVD-201707-021 // 
            
            
            
            NVD: CVE-2017-10796

REFERENCES
url:https://gist.github.com/elbauldelgeek/8f0f24c582f43f51a34b34420a385d75
Trust: 2.4
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10796
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-10796
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/287.html
Trust: 0.1
url:https://github.com/jamesgeee/cve-2017-10796
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-21502 // 
            
            
            
            VULHUB: VHN-101154 // 
            
            
            
            VULMON: CVE-2017-10796 // 
            
            
            
            JVNDB: JVNDB-2017-005815 // 
            
            
            
            CNNVD: CNNVD-201707-021 // 
            
            
            
            NVD: CVE-2017-10796

SOURCES
db:CNVDid:CNVD-2017-21502
db:VULHUBid:VHN-101154
db:VULMONid:CVE-2017-10796
db:JVNDBid:JVNDB-2017-005815
db:CNNVDid:CNNVD-201707-021
db:NVDid:CVE-2017-10796

LAST UPDATE DATE
2025-04-20T23:40:03.859000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-21502date:2017-08-17T00:00:00
db:VULHUBid:VHN-101154date:2017-07-19T00:00:00
db:VULMONid:CVE-2017-10796date:2021-05-07T00:00:00
db:JVNDBid:JVNDB-2017-005815date:2017-08-07T00:00:00
db:CNNVDid:CNNVD-201707-021date:2021-05-08T00:00:00
db:NVDid:CVE-2017-10796date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-21502date:2017-08-17T00:00:00
db:VULHUBid:VHN-101154date:2017-07-02T00:00:00
db:VULMONid:CVE-2017-10796date:2017-07-02T00:00:00
db:JVNDBid:JVNDB-2017-005815date:2017-08-07T00:00:00
db:CNNVDid:CNNVD-201707-021date:2017-07-14T00:00:00
db:NVDid:CVE-2017-10796date:2017-07-02T22:29:00.230