Details of VAR-201810-0875

ID

VAR-201810-0875

CVE

CVE-2018-13115

TITLE

KERUI Wifi Endoscope Camera Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-013982

DESCRIPTION

Lack of an authentication mechanism in KERUI Wifi Endoscope Camera (YPC99) allows an attacker to watch or block the camera stream. The RTSP server on port 7070 accepts the command STOP to stop streaming, and the command SETSSID to disconnect a user. KERUI Wifi Endoscope Camera (YPC99) Contains an input validation vulnerability.Information may be obtained and information may be altered. KERUI Wifi Endoscope Camera (YPC99) is a mini endoscope camera

Trust: 1.71

sources: NVD: CVE-2018-13115 // JVNDB: JVNDB-2018-013982 // VULHUB: VHN-123142

IOT TAXONOMY

category:

['camera device']

sub_category:

camera

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	keruigroup	model:	ypc99	scope:	eq	version:	*	Trust: 1.0
vendor:	kerui	model:	ypc99	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2018-013982 // NVD: CVE-2018-13115

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-13115
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-13115
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201810-1123
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-123142
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-13115
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-123142
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-13115
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.5
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-123142 // JVNDB: JVNDB-2018-013982 // CNNVD: CNNVD-201810-1123 // NVD: CVE-2018-13115

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-123142 // JVNDB: JVNDB-2018-013982 // NVD: CVE-2018-13115

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-1123

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201810-1123

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013982

PATCH

title:

Top Page

url:

http://www.keruistore.com/index.php

Trust: 0.8

sources: JVNDB: JVNDB-2018-013982

EXTERNAL IDS

db:	NVD	id:	CVE-2018-13115	Trust: 2.6
db:	JVNDB	id:	JVNDB-2018-013982	Trust: 0.8
db:	CNNVD	id:	CNNVD-201810-1123	Trust: 0.7
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULHUB	id:	VHN-123142	Trust: 0.1

sources: OTHER: None // VULHUB: VHN-123142 // JVNDB: JVNDB-2018-013982 // CNNVD: CNNVD-201810-1123 // NVD: CVE-2018-13115

REFERENCES

url:	https://utkusen.com/blog/multiple-vulnerabilities-on-kerui-endoscope-camera.html	Trust: 2.5
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13115	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-13115	Trust: 0.8
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // VULHUB: VHN-123142 // JVNDB: JVNDB-2018-013982 // CNNVD: CNNVD-201810-1123 // NVD: CVE-2018-13115

SOURCES

db:	OTHER	id:	-
db:	VULHUB	id:	VHN-123142
db:	JVNDB	id:	JVNDB-2018-013982
db:	CNNVD	id:	CNNVD-201810-1123
db:	NVD	id:	CVE-2018-13115

LAST UPDATE DATE

2025-01-30T19:35:07.601000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-123142	date:	2019-01-29T00:00:00
db:	JVNDB	id:	JVNDB-2018-013982	date:	2019-03-07T00:00:00
db:	CNNVD	id:	CNNVD-201810-1123	date:	2019-04-01T00:00:00
db:	NVD	id:	CVE-2018-13115	date:	2024-11-21T03:46:28.163

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-123142	date:	2018-10-22T00:00:00
db:	JVNDB	id:	JVNDB-2018-013982	date:	2019-03-07T00:00:00
db:	CNNVD	id:	CNNVD-201810-1123	date:	2018-10-23T00:00:00
db:	NVD	id:	CVE-2018-13115	date:	2018-10-22T20:29:00.393