Details of VAR-201803-1013

ID

VAR-201803-1013

CVE

CVE-2017-11510

TITLE

Wanscam HW0021 Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2018-08414 // CNNVD: CNNVD-201707-1226

DESCRIPTION

An information leak exists in Wanscam's HW0021 network camera that allows an unauthenticated remote attacker to recover the administrator username and password via an ONVIF GetSnapshotUri request. Wanscam HW0021 Network cameras contain vulnerabilities related to certificate and password management.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. WanscamHW0021 is a network camera product from China Wanscam. An information disclosure vulnerability exists in WanscamHW0021

Trust: 2.25

sources: NVD: CVE-2017-11510 // JVNDB: JVNDB-2017-013099 // CNVD: CNVD-2018-08414 // VULHUB: VHN-101940

IOT TAXONOMY

category:	['Network device']	sub_category:	-	Trust: 0.6
category:	['camera device']	sub_category:	camera	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2018-08414

AFFECTED PRODUCTS

vendor:	wanscam	model:	hw0021	scope:	eq	version:	11.6.5.1.1-20161213	Trust: 1.6
vendor:	wanscam	model:	hw0021	scope:	-	version:	-	Trust: 1.4

sources: CNVD: CNVD-2018-08414 // JVNDB: JVNDB-2017-013099 // CNNVD: CNNVD-201707-1226 // NVD: CVE-2017-11510

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-11510
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-11510
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2018-08414
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201707-1226
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-101940
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-11510
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-08414
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-101940
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-11510
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-08414 // VULHUB: VHN-101940 // JVNDB: JVNDB-2017-013099 // CNNVD: CNNVD-201707-1226 // NVD: CVE-2017-11510

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.1
problemtype:	CWE-200	Trust: 1.0
problemtype:	CWE-255	Trust: 0.9

sources: VULHUB: VHN-101940 // JVNDB: JVNDB-2017-013099 // NVD: CVE-2017-11510

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201707-1226

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201707-1226

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-013099

PATCH

title:

Top Page

url:

http://www.wanscam.net/

Trust: 0.8

sources: JVNDB: JVNDB-2017-013099

EXTERNAL IDS

db:	NVD	id:	CVE-2017-11510	Trust: 3.2
db:	TENABLE	id:	TRA-2017-33	Trust: 3.1
db:	JVNDB	id:	JVNDB-2017-013099	Trust: 0.8
db:	CNNVD	id:	CNNVD-201707-1226	Trust: 0.7
db:	CNVD	id:	CNVD-2018-08414	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULHUB	id:	VHN-101940	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2018-08414 // VULHUB: VHN-101940 // JVNDB: JVNDB-2017-013099 // CNNVD: CNNVD-201707-1226 // NVD: CVE-2017-11510

REFERENCES

url:	https://www.tenable.com/security/research/tra-2017-33	Trust: 3.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11510	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-11510	Trust: 0.8
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2018-08414 // VULHUB: VHN-101940 // JVNDB: JVNDB-2017-013099 // CNNVD: CNNVD-201707-1226 // NVD: CVE-2017-11510

SOURCES

db:	OTHER	id:	-
db:	CNVD	id:	CNVD-2018-08414
db:	VULHUB	id:	VHN-101940
db:	JVNDB	id:	JVNDB-2017-013099
db:	CNNVD	id:	CNNVD-201707-1226
db:	NVD	id:	CVE-2017-11510

LAST UPDATE DATE

2025-01-30T21:24:00.614000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-08414	date:	2018-04-26T00:00:00
db:	VULHUB	id:	VHN-101940	date:	2019-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2017-013099	date:	2018-05-25T00:00:00
db:	CNNVD	id:	CNNVD-201707-1226	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-11510	date:	2024-11-21T03:07:54.967

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-08414	date:	2018-04-26T00:00:00
db:	VULHUB	id:	VHN-101940	date:	2018-03-28T00:00:00
db:	JVNDB	id:	JVNDB-2017-013099	date:	2018-05-25T00:00:00
db:	CNNVD	id:	CNNVD-201707-1226	date:	2017-07-26T00:00:00
db:	NVD	id:	CVE-2017-11510	date:	2018-03-28T17:29:00.273