Sign-up

ID

VAR-201711-1240


TITLE

Tiandi Albert Announces Information Disclosure Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2017-35813

DESCRIPTION

Tiandi Weiye Technology Co., Ltd. is an Internet of Things company whose main business is the research and development, production and sales of video surveillance products. With "Horizon as the World" as its corporate mission, it is a national enterprise technology center and a national and local joint engineering laboratory. There is an information disclosure vulnerability in Tiandiweiye Network Camera, which is due to failure to properly control camera permissions. The attacker directly obtains the system username and password by sending a specific data packet.

Trust: 0.6

sources: CNVD: CNVD-2017-35813

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-35813

AFFECTED PRODUCTS

vendor:tiandi weiyemodel:network camerascope:eqversion:5.56.17.120

Trust: 0.6

sources: CNVD: CNVD-2017-35813

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2017-35813
value: HIGH

Trust: 0.6

CNVD: CNVD-2017-35813
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2017-35813

PATCH

title:Tiandi Albert Announces Information Disclosure Vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/105416

Trust: 0.6

sources: CNVD: CNVD-2017-35813

EXTERNAL IDS

db:CNVDid:CNVD-2017-35813

Trust: 0.6

sources: CNVD: CNVD-2017-35813

SOURCES

db:CNVDid:CNVD-2017-35813

LAST UPDATE DATE

2022-05-04T09:51:20.925000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2017-35813date:2017-12-04T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2017-35813date:2017-11-18T00:00:00