Details of VAR-201806-1892

ID

VAR-201806-1892

TITLE

Yasv camera has onvif protocol anonymous access vulnerability

Trust: 0.6

sources: CNVD: CNVD-2018-09760

DESCRIPTION

Yestv camera is a smart monitor for wireless network wifi. There is an anonymous access vulnerability in the onvif protocol on the camera of yestv. The vulnerability is caused by arbitrarily modifying the network configuration and arbitrarily restarting the device by calling the onvif protocol interface. An attacker can write a message to call the corresponding onvif interface to perform illegal operations on the device and can be accessed anonymously.

Trust: 0.6

sources: CNVD: CNVD-2018-09760

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-09760

AFFECTED PRODUCTS

vendor:

yashiwei security

model:

yasv camera

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2018-09760

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2018-09760
value:	LOW
Trust: 0.6

CNVD:	CNVD-2018-09760
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2018-09760

PATCH

title:

Yasv camera has onvif protocol with anonymous access vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/129425

Trust: 0.6

sources: CNVD: CNVD-2018-09760

EXTERNAL IDS

db:

CNVD

id:

CNVD-2018-09760

Trust: 0.6

sources: CNVD: CNVD-2018-09760

SOURCES

db:

CNVD

id:

CNVD-2018-09760

LAST UPDATE DATE

2022-05-04T09:33:44.264000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2018-09760

date:

2018-05-22T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2018-09760

date:

2018-06-22T00:00:00