ID

VAR-201901-1595


CVE

CVE-2018-5560


TITLE

Practecol Guardzilla All-In-One Video Security System Vulnerabilities related to the use of hard-coded credentials

Trust: 0.8

sources: JVNDB: JVNDB-2018-014572

DESCRIPTION

A reliance on a static, hard-coded credential in the design of the cloud-based storage system of Practecol's Guardzilla All-In-One Video Security System allows an attacker to view the private data of all users of the Guardzilla device. Practecol Guardzilla All-In-One Video Security System contains a vulnerability in the use of hard-coded credentials. Information may be obtained. Guardzilla All-In-One Video Security System is a home security platform that provides indoor video surveillance. There is a hard-coded credential vulnerability in the Guardzilla IoT camera. This vulnerability exists in Amazon Simple Storage Service (S3) credentials within the Guardzilla Security Camera firmware. The embedded S3 credentials can be used to view and download, without restriction, any stored files and videos in the associated bucket. Once a password is obtained, any unauthenticated attacker can collect data from any affected system over the network. The cloud-based storage system is one of the cloud-based storage systems. An attacker could exploit this vulnerability to view all Guardzilla personal data.

Trust: 2.25

sources: NVD: CVE-2018-5560 // JVNDB: JVNDB-2018-014572 // CNVD: CNVD-2019-00567 // VULHUB: VHN-135591

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-00567

AFFECTED PRODUCTS

vendor: guardzilla, model: gz521w, scope: eq, version: *

Trust: 1.0

vendor: guardzilla, model: gz521w, scope: -, version: -

Trust: 0.8

vendor: guardzilla, model: gz521wb security video system, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2019-00567 // JVNDB: JVNDB-2018-014572 // NVD: CVE-2018-5560

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-5560
value: HIGH

Trust: 1.0

cve@rapid7.com: CVE-2018-5560
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-5560
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-00567
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201901-1059
value: HIGH

Trust: 0.6

VULHUB: VHN-135591
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-5560
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-00567
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-135591
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-5560
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

cve@rapid7.com: CVE-2018-5560
baseSeverity: CRITICAL
baseScore: 10.0
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 5.8
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2019-00567 // VULHUB: VHN-135591 // JVNDB: JVNDB-2018-014572 // CNNVD: CNNVD-201901-1059 // NVD: CVE-2018-5560 // NVD: CVE-2018-5560

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.9

sources: VULHUB: VHN-135591 // JVNDB: JVNDB-2018-014572 // NVD: CVE-2018-5560

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-1059

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201901-1059

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014572

PATCH

title: Top Page, url: https://www.guardzilla.com/

Trust: 0.8

sources: JVNDB: JVNDB-2018-014572

EXTERNAL IDS

db: NVD, id: CVE-2018-5560

Trust: 3.1

db: JVNDB, id: JVNDB-2018-014572

Trust: 0.8

db: CNNVD, id: CNNVD-201901-1059

Trust: 0.7

db: CNVD, id: CNVD-2019-00567

Trust: 0.6

db: VULHUB, id: VHN-135591

Trust: 0.1

sources: CNVD: CNVD-2019-00567 // VULHUB: VHN-135591 // JVNDB: JVNDB-2018-014572 // CNNVD: CNNVD-201901-1059 // NVD: CVE-2018-5560

REFERENCES

url:https://www.0dayallday.org/guardzilla-video-camera-hard-coded-aws-credentials/

Trust: 2.5

url:https://blog.rapid7.com/2018/12/27/r7-2018-52-guardzilla-iot-video-camera-hard-coded-credential-cve-2018-5560/

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-5560

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5560

Trust: 0.8

url:http://0day5.com/archives/4512/

Trust: 0.6

sources: CNVD: CNVD-2019-00567 // VULHUB: VHN-135591 // JVNDB: JVNDB-2018-014572 // CNNVD: CNNVD-201901-1059 // NVD: CVE-2018-5560

SOURCES

db: CNVD, id: CNVD-2019-00567
db: VULHUB, id: VHN-135591
db: JVNDB, id: JVNDB-2018-014572
db: CNNVD, id: CNNVD-201901-1059
db: NVD, id: CVE-2018-5560

LAST UPDATE DATE

2024-11-23T21:37:43.177000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-00567, date: 2019-01-07T00:00:00
db: VULHUB, id: VHN-135591, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2018-014572, date: 2019-03-27T00:00:00
db: CNNVD, id: CNNVD-201901-1059, date: 2019-10-10T00:00:00
db: NVD, id: CVE-2018-5560, date: 2024-11-21T04:09:03.990

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-00567, date: 2019-01-07T00:00:00
db: VULHUB, id: VHN-135591, date: 2019-01-31T00:00:00
db: JVNDB, id: JVNDB-2018-014572, date: 2019-03-27T00:00:00
db: CNNVD, id: CNNVD-201901-1059, date: 2019-01-31T00:00:00
db: NVD, id: CVE-2018-5560, date: 2019-01-31T21:29:00.270