Sign-up

ID

VAR-201810-0497


CVE

CVE-2018-17919


TITLE

Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server Vulnerabilities related to the use of hard-coded credentials

Trust: 0.8

sources: JVNDB: JVNDB-2018-011238

DESCRIPTION

All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use an undocumented user account "default" with its default password to login to XMeye and access/view video streams. Hangzhou Xiongmai Information Technology Co., Ltd. focuses on security monitoring and video intelligence research and development. Multiple security weaknesses 2. Security bypass vulnerability Successfully exploiting these issues allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, bypass the authentication mechanism and gain unauthorized access. This may aid in launching further attacks. XMeye P2P Cloud Server product is vulnerable

Trust: 2.61

sources: NVD: CVE-2018-17919 // JVNDB: JVNDB-2018-011238 // CNVD: CNVD-2018-20455 // BID: 105722 // IVD: e2fd1b21-39ab-11e9-9d4b-000c29342cb1

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: e2fd1b21-39ab-11e9-9d4b-000c29342cb1 // CNVD: CNVD-2018-20455

AFFECTED PRODUCTS

vendor:xiongmaitechmodel:xmeye p2p cloud serverscope:eqversion:*

Trust: 1.0

vendor:xiongmaimodel:xmeye p2p cloud serverscope: - version: -

Trust: 0.8

vendor:xiongmai informationmodel:ip camerasscope: - version: -

Trust: 0.6

vendor:xiongmai informationmodel:nvrs and dvrs incl. 3rd party oem devicesscope: - version: -

Trust: 0.6

vendor:xiongmaitechmodel:xmeye p2p cloud serverscope: - version: -

Trust: 0.6

vendor: - model:xiongmai technology xmeye p2p cloud serverscope:eqversion:0

Trust: 0.3

vendor:xiongmai informationmodel:ip camerasscope:eqversion:*

Trust: 0.2

vendor:xiongmai informationmodel:nvrs and dvrs incl. 3rd party oem devicesscope:eqversion:*

Trust: 0.2

sources: IVD: e2fd1b21-39ab-11e9-9d4b-000c29342cb1 // CNVD: CNVD-2018-20455 // BID: 105722 // JVNDB: JVNDB-2018-011238 // CNNVD: CNNVD-201810-500 // NVD: CVE-2018-17919

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-17919
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-17919
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-20455
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201810-500
value: MEDIUM

Trust: 0.6

IVD: e2fd1b21-39ab-11e9-9d4b-000c29342cb1
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2018-17919
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-20455
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2fd1b21-39ab-11e9-9d4b-000c29342cb1
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-17919
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.5
version: 3.0

Trust: 1.8

sources: IVD: e2fd1b21-39ab-11e9-9d4b-000c29342cb1 // CNVD: CNVD-2018-20455 // JVNDB: JVNDB-2018-011238 // CNNVD: CNNVD-201810-500 // NVD: CVE-2018-17919

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.8

problemtype:CWE-912

Trust: 1.0

sources: JVNDB: JVNDB-2018-011238 // NVD: CVE-2018-17919

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-500

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201810-500

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-011238

PATCH
title:Top Pageurl:http://www.xiongmaitech.com/en/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-011238

EXTERNAL IDS
db:NVDid:CVE-2018-17919
Trust: 3.5
db:ICS CERTid:ICSA-18-282-06
Trust: 2.7
db:CNVDid:CNVD-2018-20455
Trust: 0.8
db:CNNVDid:CNNVD-201810-500
Trust: 0.8
db:JVNDBid:JVNDB-2018-011238
Trust: 0.8
db:BIDid:105722
Trust: 0.3
db:IVDid:E2FD1B21-39AB-11E9-9D4B-000C29342CB1
Trust: 0.2
sources:
            
            
            IVD: e2fd1b21-39ab-11e9-9d4b-000c29342cb1 // 
            
            
            
            CNVD: CNVD-2018-20455 // 
            
            
            
            BID: 105722 // 
            
            
            
            JVNDB: JVNDB-2018-011238 // 
            
            
            
            CNNVD: CNNVD-201810-500 // 
            
            
            
            NVD: CVE-2018-17919

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-18-282-06
Trust: 2.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17919
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-17919
Trust: 0.8
url:https://seclists.org/fulldisclosure/2018/oct/22
Trust: 0.6
url:https://www.xmeye.net/index
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-20455 // 
            
            
            
            BID: 105722 // 
            
            
            
            JVNDB: JVNDB-2018-011238 // 
            
            
            
            CNNVD: CNNVD-201810-500 // 
            
            
            
            NVD: CVE-2018-17919

CREDITS
Stefan Viehböck on behalf of SEC Consult Vulnerability Lab
Trust: 0.3
sources:
            
            
            BID: 105722

SOURCES
db:IVDid:e2fd1b21-39ab-11e9-9d4b-000c29342cb1
db:CNVDid:CNVD-2018-20455
db:BIDid:105722
db:JVNDBid:JVNDB-2018-011238
db:CNNVDid:CNNVD-201810-500
db:NVDid:CVE-2018-17919

LAST UPDATE DATE
2024-11-23T22:12:19.118000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-20455date:2018-10-10T00:00:00
db:BIDid:105722date:2018-10-09T00:00:00
db:JVNDBid:JVNDB-2018-011238date:2019-01-09T00:00:00
db:CNNVDid:CNNVD-201810-500date:2019-10-17T00:00:00
db:NVDid:CVE-2018-17919date:2024-11-21T03:55:12.570

SOURCES RELEASE DATE
db:IVDid:e2fd1b21-39ab-11e9-9d4b-000c29342cb1date:2018-10-10T00:00:00
db:CNVDid:CNVD-2018-20455date:2018-10-10T00:00:00
db:BIDid:105722date:2018-10-09T00:00:00
db:JVNDBid:JVNDB-2018-011238date:2019-01-09T00:00:00
db:CNNVDid:CNNVD-201810-500date:2018-10-11T00:00:00
db:NVDid:CVE-2018-17919date:2018-10-10T15:29:00.487