Sign-up

ID

VAR-201812-1302


TITLE

ZTE C520 Smart Camera Has Authentication Defect Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2018-21990

DESCRIPTION

ZTE C520 is a smart Wi-Fi care camera. ZTE C520 smart camera has authentication flaws. The vulnerability is because the smart camera requires user name and password authentication to log in, view images and parameter settings. At the same time, authentication after login is based on IP, that is, as long as an IP is logged in with an account, the IP will automatically authorize access to the management background. Attackers can use the vulnerability to randomly call the management background and perform various operations.

Trust: 0.6

sources: CNVD: CNVD-2018-21990

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-21990

AFFECTED PRODUCTS

vendor:ztemodel:c520scope:lteversion:<=v2.1.13

Trust: 0.6

sources: CNVD: CNVD-2018-21990

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2018-21990
value: LOW

Trust: 0.6

CNVD: CNVD-2018-21990
severity: LOW
baseScore: 2.1
vectorString: AV:N/AC:H/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2018-21990

PATCH

title:ZTE C520Memo Smart Camera Has Authentication Defect Vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/142965

Trust: 0.6

sources: CNVD: CNVD-2018-21990

EXTERNAL IDS

db:CNVDid:CNVD-2018-21990

Trust: 0.6

sources: CNVD: CNVD-2018-21990

SOURCES

db:CNVDid:CNVD-2018-21990

LAST UPDATE DATE

2022-05-04T10:18:55.810000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2018-21990date:2019-05-07T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2018-21990date:2018-12-07T00:00:00