ID

VAR-201810-0173


CVE

CVE-2018-18428


TITLE

Information disclosure vulnerability in TP-Link TL-SC3130 devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-013712

DESCRIPTION

TP-Link TL-SC3130 1.6.18P12_121101 devices allow unauthenticated RTSP stream access, as demonstrated by a /jpg/image.jpg URI. The TP-Link TL-SC3130 device contains an information disclosure vulnerability. Information may be obtained.

The TP-Link TL-SC3130 is an IP network camera from China Unicom (TP-LINK). There is a security vulnerability in TP-Link TL-SC3130 version 1.6.18. An attacker could exploit this vulnerability to disclose real-time RTSP streams.

The TL-SC3130G surveillance camera is a versatile solution for your home and office monitoring, whose 54Mbps wireless connectivity enables you to deploy the camera in places previously inaccessible to an Ethernet connection, such as ceilings and walls. This camera can be placed in your living room, office, or anywhere else you would like to keep an eye on things. After a hassle-free installation, you can view and control the camera from a Web browser, bundled software, or compatible cell phone. Besides basic monitoring tools such as motion detection and motion-triggered E-mail alerts, which send an alert when the camera detects movement, advanced high-availability features are also included, such as 2-way audio, dual streaming, and 3GPP compatibility, as well as the error detection tool 'Ping Watch Dog', making the TL-SC3130G an excellent indoor surveillance solution.

The TP-Link TL-SC3130 suffers from an unauthenticated and unauthorized live RTSP stream disclosure.

Tested on: Boa/0.94.14rc21

Trust: 2.43

sources: NVD: CVE-2018-18428 // JVNDB: JVNDB-2018-013712 // CNVD: CNVD-2018-21628 // ZSL: ZSL-2018-5497 // VULHUB: VHN-128986 // VULMON: CVE-2018-18428

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-21628

AFFECTED PRODUCTS

vendor: tp link, model: tl-sc3130, scope: eq, version: 1.6.18p12_121101

Trust: 1.8

vendor: tp link, model: tl-sc3130, scope: eq, version: 1.6.18

Trust: 0.6

vendor: tplink, model: tp-link tl-sc, scope: eq, version: 1.6.18p12_121101

Trust: 0.1

sources: ZSL: ZSL-2018-5497 // CNVD: CNVD-2018-21628 // JVNDB: JVNDB-2018-013712 // NVD: CVE-2018-18428

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-18428
value: HIGH

Trust: 1.0

NVD: CVE-2018-18428
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-21628
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201810-1055
value: MEDIUM

Trust: 0.6

ZSL: ZSL-2018-5497
value: (3/5)

Trust: 0.1

VULHUB: VHN-128986
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-18428
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-18428
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-21628
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-128986
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2018-18428
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: ZSL: ZSL-2018-5497 // CNVD: CNVD-2018-21628 // VULHUB: VHN-128986 // VULMON: CVE-2018-18428 // JVNDB: JVNDB-2018-013712 // CNNVD: CNNVD-201810-1055 // NVD: CVE-2018-18428

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.9

sources: VULHUB: VHN-128986 // JVNDB: JVNDB-2018-013712 // NVD: CVE-2018-18428

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-1055

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201810-1055

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013712

EXPLOIT AVAILABILITY

sources: ZSL: ZSL-2018-5497 // VULMON: CVE-2018-18428

PATCH

title: Top Page, url: http://www.tp-link.com

Trust: 0.8

title: https://github.com/Samsung/cotopaxi, url: https://github.com/Samsung/cotopaxi

Trust: 0.1

sources: VULMON: CVE-2018-18428 // JVNDB: JVNDB-2018-013712

EXTERNAL IDS

db: NVD, id: CVE-2018-18428

Trust: 3.3

db: PACKETSTORM, id: 149843

Trust: 2.7

db: EXPLOIT-DB, id: 45632

Trust: 1.9

db: ZSL, id: ZSL-2018-5497

Trust: 1.9

db: JVNDB, id: JVNDB-2018-013712

Trust: 0.8

db: CNNVD, id: CNNVD-201810-1055

Trust: 0.7

db: CNVD, id: CNVD-2018-21628

Trust: 0.6

db: VULHUB, id: VHN-128986

Trust: 0.1

db: VULMON, id: CVE-2018-18428

Trust: 0.1

sources: ZSL: ZSL-2018-5497 // CNVD: CNVD-2018-21628 // VULHUB: VHN-128986 // VULMON: CVE-2018-18428 // JVNDB: JVNDB-2018-013712 // CNNVD: CNNVD-201810-1055 // NVD: CVE-2018-18428

REFERENCES

url: https://packetstormsecurity.com/files/149843

Trust: 2.1

url: https://www.exploit-db.com/exploits/45632/

Trust: 2.0

url: https://www.zeroscience.mk/en/vulnerabilities/zsl-2018-5497.php

Trust: 1.8

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18428

Trust: 1.5

url: https://nvd.nist.gov/vuln/detail/cve-2018-18428

Trust: 0.8

url: http://packetstormsecurity.com/files/149843/tp-link-tl-sc3130-1.6.18-unauthenticated-rtsp-stream-disclosure.html

Trust: 0.6

url: https://exchange.xforce.ibmcloud.com/vulnerabilities/151628

Trust: 0.1

url: https://cwe.mitre.org/data/definitions/200.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

url: https://github.com/samsung/cotopaxi

Trust: 0.1

sources: ZSL: ZSL-2018-5497 // CNVD: CNVD-2018-21628 // VULHUB: VHN-128986 // VULMON: CVE-2018-18428 // JVNDB: JVNDB-2018-013712 // CNNVD: CNNVD-201810-1055 // NVD: CVE-2018-18428

CREDITS

Vulnerability discovered by Gjoko Krstic

Trust: 0.1

sources: ZSL: ZSL-2018-5497

SOURCES

db: ZSL, id: ZSL-2018-5497
db: CNVD, id: CNVD-2018-21628
db: VULHUB, id: VHN-128986
db: VULMON, id: CVE-2018-18428
db: JVNDB, id: JVNDB-2018-013712
db: CNNVD, id: CNNVD-201810-1055
db: NVD, id: CVE-2018-18428

LAST UPDATE DATE

2024-11-23T23:04:57.641000+00:00


SOURCES UPDATE DATE

db: ZSL, id: ZSL-2018-5497, date: 2018-10-20T00:00:00
db: CNVD, id: CNVD-2018-21628, date: 2018-10-24T00:00:00
db: VULHUB, id: VHN-128986, date: 2019-01-23T00:00:00
db: VULMON, id: CVE-2018-18428, date: 2019-01-23T00:00:00
db: JVNDB, id: JVNDB-2018-013712, date: 2019-02-28T00:00:00
db: CNNVD, id: CNNVD-201810-1055, date: 2019-02-11T00:00:00
db: NVD, id: CVE-2018-18428, date: 2024-11-21T03:55:54.813

SOURCES RELEASE DATE

db: ZSL, id: ZSL-2018-5497, date: 2018-10-17T00:00:00
db: CNVD, id: CNVD-2018-21628, date: 2018-10-23T00:00:00
db: VULHUB, id: VHN-128986, date: 2018-10-19T00:00:00
db: VULMON, id: CVE-2018-18428, date: 2018-10-19T00:00:00
db: JVNDB, id: JVNDB-2018-013712, date: 2019-02-28T00:00:00
db: CNNVD, id: CNNVD-201810-1055, date: 2018-10-19T00:00:00
db: NVD, id: CVE-2018-18428, date: 2018-10-19T22:29:02.117