Sign-up

ID

VAR-201710-1444


TITLE

An unauthorized operation vulnerability exists in the image setting interface of Haikang webcam

Trust: 0.6

sources: CNVD: CNVD-2017-25272

DESCRIPTION

Hikvision DS-2CD2710F-I and DS-5C-I Series are webcam products developed by China Hikvision. There is an unauthorized operation loophole in the image setting interface of Hikvision webcam, and the validity of the parameters cannot be verified during reception and processing. An attacker could use this vulnerability to perform unauthorized operations.

Trust: 0.6

sources: CNVD: CNVD-2017-25272

IOT TAXONOMY

category:['IoT', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-25272

AFFECTED PRODUCTS

vendor:hikvision digitalmodel:ds-2cd2710f-1 buildscope:eqversion:v5.3.0150513

Trust: 0.6

vendor:hikvision digitalmodel:ds-5c-i buildscope:eqversion:v5.3.0150513

Trust: 0.6

sources: CNVD: CNVD-2017-25272

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2017-25272
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2017-25272
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2017-25272

PATCH

title:Haikang webcam has unauthorized access vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/100494

Trust: 0.6

sources: CNVD: CNVD-2017-25272

EXTERNAL IDS

db:CNVDid:CNVD-2017-25272

Trust: 0.6

sources: CNVD: CNVD-2017-25272

SOURCES

db:CNVDid:CNVD-2017-25272

LAST UPDATE DATE

2022-05-04T10:19:21.341000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2017-25272date:2017-10-16T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2017-25272date:2017-10-02T00:00:00