Sign-up

ID

VAR-201711-0063


CVE

CVE-2017-16566


TITLE

Jooan IP Camera A5 Authentication vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-010509

DESCRIPTION

On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server does not require authentication, which allows remote attackers to read or replace core system files including those used for authentication (such as passwd and shadow). This can be abused to take full root level control of the device. Jooan IP Camera A5 The device contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. JooanIPCameraA5 is a network camera product from China's Shenzhen Jooan Technology. A security vulnerability exists in JooanIPCameraA52.3.36. There is a security vulnerability in Jooan IP Camera A5 version 2.3.36

Trust: 2.34

sources: NVD: CVE-2017-16566 // JVNDB: JVNDB-2017-010509 // CNVD: CNVD-2017-37417 // VULHUB: VHN-107501 // VULMON: CVE-2017-16566

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

category:['camera device']sub_category:IP camera

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2017-37417

AFFECTED PRODUCTS

vendor:jooanmodel:a5 ip camerascope:eqversion:2.3.36

Trust: 1.4

vendor:qacctvmodel:jooan a5 ip camerascope:eqversion:2.3.36

Trust: 1.0

vendor:jooanmodel:ip camera a5scope:eqversion:2.3.36

Trust: 0.6

sources: CNVD: CNVD-2017-37417 // JVNDB: JVNDB-2017-010509 // CNNVD: CNNVD-201711-249 // NVD: CVE-2017-16566

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-16566
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-16566
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2017-37417
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201711-249
value: CRITICAL

Trust: 0.6

VULHUB: VHN-107501
value: HIGH

Trust: 0.1

VULMON: CVE-2017-16566
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-16566
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-37417
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-107501
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-16566
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2017-16566
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2017-37417 // VULHUB: VHN-107501 // VULMON: CVE-2017-16566 // JVNDB: JVNDB-2017-010509 // CNNVD: CNNVD-201711-249 // NVD: CVE-2017-16566

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-107501 // JVNDB: JVNDB-2017-010509 // NVD: CVE-2017-16566

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-249

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201711-249

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010509

PATCH
title:Top Pageurl:http://www.qacctv.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2017-010509

EXTERNAL IDS
db:NVDid:CVE-2017-16566
Trust: 3.3
db:JVNDBid:JVNDB-2017-010509
Trust: 0.8
db:CNNVDid:CNNVD-201711-249
Trust: 0.7
db:CNVDid:CNVD-2017-37417
Trust: 0.6
db:OTHERid:NONE
Trust: 0.1
db:VULHUBid:VHN-107501
Trust: 0.1
db:VULMONid:CVE-2017-16566
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            CNVD: CNVD-2017-37417 // 
            
            
            
            VULHUB: VHN-107501 // 
            
            
            
            VULMON: CVE-2017-16566 // 
            
            
            
            JVNDB: JVNDB-2017-010509 // 
            
            
            
            CNNVD: CNNVD-201711-249 // 
            
            
            
            NVD: CVE-2017-16566

REFERENCES
url:https://siggyd.github.io/advisories/cve-2017-16566
Trust: 3.2
url:https://nvd.nist.gov/vuln/detail/cve-2017-16566
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16566
Trust: 0.8
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/287.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            CNVD: CNVD-2017-37417 // 
            
            
            
            VULHUB: VHN-107501 // 
            
            
            
            VULMON: CVE-2017-16566 // 
            
            
            
            JVNDB: JVNDB-2017-010509 // 
            
            
            
            CNNVD: CNNVD-201711-249 // 
            
            
            
            NVD: CVE-2017-16566

SOURCES
db:OTHERid: - 
db:CNVDid:CNVD-2017-37417
db:VULHUBid:VHN-107501
db:VULMONid:CVE-2017-16566
db:JVNDBid:JVNDB-2017-010509
db:CNNVDid:CNNVD-201711-249
db:NVDid:CVE-2017-16566

LAST UPDATE DATE
2025-04-20T20:41:43.854000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-37417date:2017-12-19T00:00:00
db:VULHUBid:VHN-107501date:2017-12-07T00:00:00
db:VULMONid:CVE-2017-16566date:2021-04-20T00:00:00
db:JVNDBid:JVNDB-2017-010509date:2017-12-15T00:00:00
db:CNNVDid:CNNVD-201711-249date:2021-04-21T00:00:00
db:NVDid:CVE-2017-16566date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-37417date:2017-12-19T00:00:00
db:VULHUBid:VHN-107501date:2017-11-17T00:00:00
db:VULMONid:CVE-2017-16566date:2017-11-17T00:00:00
db:JVNDBid:JVNDB-2017-010509date:2017-12-15T00:00:00
db:CNNVDid:CNNVD-201711-249date:2017-11-08T00:00:00
db:NVDid:CVE-2017-16566date:2017-11-17T23:29:00.230